Command Injection Vulnerability in TP-Link Archer A7 Router
CVE-2021-42232

9.8CRITICAL

Key Information:

Vendor
Tp-link
Status
Archer A7 Firmware
Vendor
CVE Published:
23 August 2022

Summary

The TP-Link Archer A7 router is vulnerable to a command injection flaw located in the /usr/bin/tddp component. This vulnerability arises from the router's improper handling of incoming data packets, allowing an attacker to manipulate data sent to the device. As a result, the attacker could execute arbitrary commands on the router, potentially compromising the security and functionality of the device. Users of the Archer A7 should ensure their firmware is up to date to mitigate this risk.

References

http://tp-link.com
x_refsource_MISC
http://archer.com
x_refsource_MISC
https://github.com/mQaLeX/IoT/blob/main/tp-link/Archer%20...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.