[Japanese]
|
JVNDB-2021-001010
|
TP-Link TL-WR841N V13 (JP) vulnerable to OS command injection
|
TP-Link TL-WR841N is a wifi router for home networks.
The firmware version 161028 for hardware version V13 (JP) is reported vulnerable to OS command injection (CWE-78).
According to the vendor, the firmware for hardware version V14 (JP) is not affected.
Koh You Liang of 3-shake Inc. reported this vulnerability to the developer and JPCERT/CC.
|
CVSS V3 Severity: Base Metrics 7.2 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 8.5 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: Single Instance
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
|
|
TP-LINK Technologies
- TL-WR841N firmware V13 (JP) with firmware versions prior to 201216
|
|
Any user who can login to the web interface of the product may execute any OS commands.
|
[Update the Firmware]
Update to the latest version of the firmware according to the information provided by the developer.
The developer has released the firmware version 201216 to fix this vulnerability.
|
TP-LINK Technologies
|
- OS Command Injection(CWE-78) [IPA Evaluation]
|
- CVE-2020-35576
|
- JVN : JVNVU#92444096
- National Vulnerability Database (NVD) : CVE-2020-35576
- Related document : TP-Link TL-WR841N Command Injection Exploit (CVE-2020-35576)
|
- [2021/01/25]
Web page was published
|