CVE-2020-35576

HIGH

TP-Link TL-WR841N V13 (JP) < 201216 - Authenticated OS Command Injection via Traceroute Feature

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35576. PoCs published by Koh You Liang.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in TP-Link TL-WR841N routers by injecting a payload into the `host` parameter of a traceroute diagnostic request. The exploit sends a crafted POST request to execute arbitrary commands and retrieves the output via subsequent requests.

Description

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

Exploits (1)

exploitdb WORKING POC
by Koh You Liang · pythonwebappshardware
https://www.exploit-db.com/exploits/50058

This exploit leverages a command injection vulnerability in TP-Link TL-WR841N routers by injecting a payload into the `host` parameter of a traceroute diagnostic request. The exploit sends a crafted POST request to execute arbitrary commands and retrieves the output via subsequent requests.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link TL-WR841N 0.9.1 4.0
Auth required
Prerequisites: Network access to the router's web interface · Valid credentials (default: admin:admin) · Router firmware version 0.9.1 4.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.7123
EPSS Percentile 98.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
tp-link/tl-wr841n_firmware < 201216
Published Jan 26, 2021
Tracked Since Feb 18, 2026