OS Command Injection Vulnerability in TP-Link TL-WR840N Router
CVE-2020-36178
9.8CRITICAL
What is CVE-2020-36178?
The TP-Link TL-WR840N 6_EU_0.9.1_4.16 is susceptible to an OS command injection flaw due to improper handling of user input from its web interface. Specifically, the function oal_ipt_addBridgeIsolationRules allows raw strings, such as those entered in an IP address field, to be directly executed within a system library call, leading to potential misuse. Such vulnerabilities can provide attackers with the ability to execute arbitrary commands on the affected device, creating significant security risks.
References
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved