OS Command Injection Vulnerability in TP-Link TL-WR802N Router
CVE-2021-4144

8.8HIGH

Key Information:

Vendor: Tp-link
Status: Tl-wr802n V4(jp)
Vendor: CVE Published:; 23 December 2021

Summary

A vulnerability exists in the TP-Link TL-WR802N V4(JP) router, allowing for OS command injection via specially crafted requests. This issue affects devices running firmware versions prior to 211202. The exploitation of this vulnerability can lead to unauthorized access and execution of commands on the underlying operating system. Users are advised to upgrade their firmware promptly to mitigate any potential security risks.

Affected Version(s)

TL-WR802N V4(JP) firmware versions prior to 211202

References

https://www.tp-link.com/jp/support/download/tl-wr802n/#Fi...

x_refsource_CONFIRM

https://jvn.jp/en/vu/JVNVU94883311/

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2021
Vulnerability Reserved
Dec 21, 2021