CVE-2020-9374

{"id": "CVE-2020-9374", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-02-24T19:15:14.183", "references": [{"url": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://fireshellsecurity.team/hack-n-routers/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature."}, {"lang": "es", "value": "En los dispositivos TP-Link TL-WR849N versi\u00f3n 0.9.1 4.16, una vulnerabilidad de ejecuci\u00f3n de comandos remota en el \u00e1rea de diagn\u00f3stico puede ser explotada cuando un atacante env\u00eda metacaracteres de shell espec\u00edficos hacia la funcionalidad traceroute del panel."}], "lastModified": "2022-01-01T19:29:55.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wr849n_firmware:0.9.1_4.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EDA3435-5AEF-408A-B3FB-118B0F5F16FD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wr849n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C2BC7C22-5455-4394-BAD5-F03122DDC732"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}