full-disclosure

1 exploit Active since Mar 2022
CVE-2021-44827 NOMISEC HIGH WORKING POC
TP-Link Archer C20i Firmware < 170221 - Authenticated OS Command Injection via X_TP_ExternalIPv6Address Parameter
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.
4 stars
CVSS 8.8