Vulnerability Details CVE-2020-9374
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.894
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html
- https://fireshellsecurity.team/hack-n-routers/
- https://github.com/ElberTavares/routers-exploit/tree/master/tp-link
- http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html
- https://fireshellsecurity.team/hack-n-routers/
- https://github.com/ElberTavares/routers-exploit/tree/master/tp-link
Products affected by CVE-2020-9374
-
cpe:2.3:h:tp-link:tl-wr849n:-
-
cpe:2.3:o:tp-link:tl-wr849n_firmware:0.9.1_4.16