CVE-2020-9375

HIGH

Tp-link Archer C50 - Resource Leak

Title source: rule

Description

TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.

Exploits (3)

exploitdb WORKING POC

by thewhiteh4t · pythondoshardware

https://www.exploit-db.com/exploits/48255

View Code ZIP pw:eip

nomisec WORKING POC 20 stars

by thewhiteh4t · poc

https://github.com/thewhiteh4t/cve-2020-9375

View Code ZIP pw:eip

gitlab WORKING POC

by takertao · poc

https://gitlab.com/takertao/cve-2020-9375

View Code ZIP pw:eip

References (4)

[Various Sources] https://thewhiteh4t.github.io/blog/cve-2020-9375-tplink/

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/156928/TP-Link-Archer-C50-V3-Denial-of-Service.html

[Exploit, Third Party Advisory] https://thewhiteh4t.github.io/2020/02/27/CVE-2020-9375-TP-Link-Archer-C50-v3-Denial-of-Service.html

[Release Notes, Vendor Advisory] https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware

Scores

CVSS v3 7.5

EPSS 0.2804

EPSS Percentile 96.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (3)

tp-link/archer_c50 build_170822

tp-link/archer_c50 build_171227

tp-link/archer_c50 build_200318

Published Mar 25, 2020

Tracked Since Feb 18, 2026