Arbitrary Code Execution Vulnerability in TP-Link Archer A7 AC1750 Routers
CVE-2021-27246

8 HIGH

Key Information:

Vendor: TP-Link
Status
Vendor
CVE Published: 14 April 2021

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

A vulnerability in TP-Link Archer A7 AC1750 routers allows network-adjacent attackers to execute arbitrary code. The flaw is due to improper handling of MAC addresses by the tdpServer endpoint. An attacker can exploit it by sending a specially crafted TCP message that writes stack pointers onto the stack. As a result, the attacker can execute code with root-level privileges, posing significant risks to network security.

Affected Version(s)

AC1750 1.0.15 Build 20200628 rel.63501(4341)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved

Credit

@0xMitsurugi (Synacktiv), @swapgs (Synacktiv)