Vulnerability Description
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr841N Firmware | < 201216 |
| Tp-Link | Tl-Wr841N | v13 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU92444096/PatchThird Party Advisory
- https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#FirmwarePatchVendor Advisory
- https://www.tp-link.com/us/securityVendor Advisory
- https://jvn.jp/en/vu/JVNVU92444096/PatchThird Party Advisory
- https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#FirmwarePatchVendor Advisory
- https://www.tp-link.com/us/securityVendor Advisory
FAQ
What is CVE-2020-35576?
CVE-2020-35576 is a vulnerability with a CVSS score of 8.8 (HIGH). A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metachar...
How severe is CVE-2020-35576?
CVE-2020-35576 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35576?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr841N Firmware, Tp-Link Tl-Wr841N.