Vulnerability Details CVE-2020-24297
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2020-24297
-
cpe:2.3:h:tp-link:tl-wpa4220:v2
-
cpe:2.3:h:tp-link:tl-wpa4220:v3
-
cpe:2.3:h:tp-link:tl-wpa4220:v4
-
cpe:2.3:o:tp-link:tl-wpa4220_firmware:-
-
cpe:2.3:o:tp-link:tl-wpa4220_firmware:4.0.2
-
cpe:2.3:o:tp-link:tl-wpa4220_firmware:tl-wpa4220(eu)_v4_201023