CVE-2020-28347

CRITICAL

TP-Link Archer A7 AC1750 Firmware < 201029 - Remote Code Execution via tdpServer slave_mac Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-28347. Includes Metasploit module exploits/linux/misc/tplink_archer_a7_c7_lan_rce.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in the tdpServer daemon on TP-Link Archer A7/C7 routers, allowing unauthenticated remote code execution (RCE) via a crafted UDP packet. The exploit includes a checksum calculation routine and targets firmware versions up to 201029/30.

Description

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.

Exploits (1)

metasploit WORKING POC EXCELLENT
rubypoclinux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/tplink_archer_a7_c7_lan_rce.rb

This Metasploit module exploits a command injection vulnerability in the tdpServer daemon on TP-Link Archer A7/C7 routers, allowing unauthenticated remote code execution (RCE) via a crafted UDP packet. The exploit includes a checksum calculation routine and targets firmware versions up to 201029/30.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link Archer A7/C7 (AC1750) v5 (firmware up to 201029/30)
No auth needed
Prerequisites: LAN access to the target router
devstral-2 · analyzed Mar 05, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/rapid7/metasploit-framework/pull/14365

Scores

CVSS v3 9.8
EPSS 0.8263
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
tp-link/ac1750_firmware < 201029
Published Nov 08, 2020
Tracked Since Feb 18, 2026