CVE-2020-36178
Summary
| CVE | CVE-2020-36178 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-06 21:15:00 UTC |
| Updated | 2021-01-12 14:38:00 UTC |
| Description | oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Tp-link | Tl-wr840n | - | All | All | All |
| Operating System | Tp-link | Tl-wr840n Firmware | 6_eu_0.9.1_4.16 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Téléchargement pour TL-WR840N \| TP-Link France | MISC | www.tp-link.com | Vendor Advisory |
| therealunicornsecurity.github.io/2020-10-11-TPLink.md at master · therealunicornsecurity/therealunicornsecurity.github.io · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| Reversing TL-WR840N – Unicorn Security – Breaching Unicorns | MISC | therealunicornsecurity.github.io | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.