CVE-2021-27246

8HIGH

Key Information:

Vendor: Tp-link
Status: Ac1750
Vendor: CVE Published:; 14 April 2021

Badges

👾 Exploit Exists🟡 Public PoC

Summary

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306.

Affected Version(s)

AC1750 1.0.15 Build 20200628 rel.63501(4341)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-27246_Pwn2Own2020
Created by synacktiv

References

https://www.zerodayinitiative.com/advisories/ZDI-21-215/

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 14, 2021
🟡
Public PoC available
Mar 1, 2021
👾
Exploit known to exist
Mar 1, 2021
Vulnerability Reserved
Feb 16, 2021

Credit

@0xMitsurugi (Synacktiv), @swapgs (Synacktiv)