TP-Link TL-WR802N V4(JP) vulnerable to OS command injection


TP-Link TL-WR802N is a wifi router for home networks.
The firmware version 170705 is reported vulnerable to OS command injection (CWE-78).
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.2 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 8.5 (High) [Other]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: Single Instance
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products

TP-LINK Technologies
  • TL-WR802N firmware V4(JP) with firmware versions prior to 211202


Any user who can login to the web interface of the affected product may execute any OS commands.

[Update the Firmware]
Update to the latest version of the firmware according to the information provided by the developer.

The developer has released the firmware version 211202 to fix this vulnerability.
Vendor Information

TP-LINK Technologies
CWE (What is CWE?)

  1. OS Command Injection(CWE-78) [Other]
CVE (What is CVE?)

  1. CVE-2021-4144

  1. JVN : JVNVU#94883311
  2. National Vulnerability Database (NVD) : CVE-2021-4144
  3. Related document : TP-Link TL-WR802N V4(JP) Command Injection Exploit (CVE-2021-4144)
Revision History

  • [2021/12/24]
      Web page was published