Vulnerability Description
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | C2 Firmware | <= 0.9.1_4.2_v0032.0_build_160706 |
| Tp-Link | C2 | - |
| Tp-Link | C20I Firmware | <= 0.9.1_4.2_v0032.0_build_160706 |
| Tp-Link | C20I | - |
Related Weaknesses (CWE)
References
- https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.htmlExploitTechnical DescriptionThird Party Advisory
- https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.htmlExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-8220?
CVE-2017-8220 is a vulnerability with a CVSS score of 9.9 (CRITICAL). TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP PO...
How severe is CVE-2017-8220?
CVE-2017-8220 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-8220?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link C2 Firmware, Tp-Link C2, Tp-Link C20I Firmware, Tp-Link C20I.