Arbitrary Code Execution Vulnerability in TL-WDR7660 by TP-Link
CVE-2021-37774

8HIGH

Key Information:

Vendor: Tp-link
Status: Tl-wdr7660 Firmware
Vendor: CVE Published:; 19 January 2023

Summary

An arbitrary code execution vulnerability has been identified in the httpProcDataSrv function of the TL-WDR7660 2.0.30. This flaw could allow attackers to execute unauthorized code, potentially compromising the integrity of the device and the data it processes. It is crucial for users of the affected product to apply necessary patches and updates to mitigate risks associated with this vulnerability.

References

https://github.com/fishykz/TP-POC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2023
Vulnerability Reserved
Aug 2, 2021