CVE-2020-35576

HIGH

Tp-link Tl-wr841n Firmware < 201216 - OS Command Injection

Title source: rule

Description

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

Exploits (1)

exploitdb WORKING POC

by Koh You Liang · pythonwebappshardware

https://www.exploit-db.com/exploits/50058

View Code ZIP pw:eip

References (3)

[Patch, Third Party Advisory] https://jvn.jp/en/vu/JVNVU92444096/

[Patch, Vendor Advisory] https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#Firmware

[Vendor Advisory] https://www.tp-link.com/us/security

Scores

CVSS v3 8.8

EPSS 0.7123

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

tp-link/tl-wr841n_firmware < 201216

Published Jan 26, 2021

Tracked Since Feb 18, 2026