Vulnerability Details CVE-2020-35576
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.698
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2020-35576
-
cpe:2.3:h:tp-link:tl-wr841n:v13
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:-
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:0.9.1_4.16
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:0.9.1_4.18
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:150310
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:150616
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:3.13.9
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:3.16.9
-
cpe:2.3:o:tp-link:tl-wr841n_firmware:4.17.16_build_120201_rel.54750n