TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
References
Link | Resource |
---|---|
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html | Exploit Technical Description Third Party Advisory |
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html | Exploit Technical Description Third Party Advisory |
Configurations
History
21 Nov 2024, 03:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html - Exploit, Technical Description, Third Party Advisory |
Information
Published : 2017-04-25 20:59
Updated : 2024-11-21 03:33
NVD link : CVE-2017-8220
Mitre link : CVE-2017-8220
CVE.ORG link : CVE-2017-8220
JSON object : View
Products Affected
tp-link
- c20i_firmware
- c2
- c20i
- c2_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')