CVE-2020-36178

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:tl-wr840n_firmware:6_eu_0.9.1_4.16:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr840n:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:28

Type Values Removed Values Added
References () https://github.com/therealunicornsecurity/therealunicornsecurity.github.io/blob/master/_posts/2020-10-11-TPLink.md - Exploit, Third Party Advisory () https://github.com/therealunicornsecurity/therealunicornsecurity.github.io/blob/master/_posts/2020-10-11-TPLink.md - Exploit, Third Party Advisory
References () https://therealunicornsecurity.github.io/TPLink/ - Exploit, Third Party Advisory () https://therealunicornsecurity.github.io/TPLink/ - Exploit, Third Party Advisory
References () https://www.tp-link.com/fr/support/download/tl-wr840n/v6/#Firmware - Vendor Advisory () https://www.tp-link.com/fr/support/download/tl-wr840n/v6/#Firmware - Vendor Advisory

Information

Published : 2021-01-06 21:15

Updated : 2024-11-21 05:28


NVD link : CVE-2020-36178

Mitre link : CVE-2020-36178

CVE.ORG link : CVE-2020-36178


JSON object : View

Products Affected

tp-link

  • tl-wr840n_firmware
  • tl-wr840n
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')