Description
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.
Exploits (1)
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/JackDoan/TP-Link-ArcherC5-RCE
Scores
CVSS v3
7.2
EPSS
0.1962
EPSS Percentile
95.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
tp-link/archer_c5_firmware
< 2_160201_us
Published
Nov 26, 2018
Tracked Since
Feb 18, 2026