CRITICAL🇵🇱 Wersja polska

CVE-2020-36178

CVSS 9.8v3.1pub. 2021-01-06upd. 2024-11-21

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tp Link Tl Wr840n

    HW
    Tp-Link
    wszystkie wersje
  • Tp Link Tl Wr840n Firmware

    OS
    Tp-Link
    6_eu_0.9.1_4.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2022-25064CRITICAL9.8ten sam produkt

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via t...

CVE-2022-25060CRITICAL9.8ten sam produkt

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the compone...

CVE-2022-25061CRITICAL9.8ten sam produkt

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the compone...

CVE-2021-41653CRITICAL9.8ten sam produkt

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulne...

CVE-2018-11714CRITICAL9.8ten sam produkt

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR8...