CVE-2021-44827

HIGH

TP-Link Archer C20i Firmware < 170221 - Authenticated OS Command Injection via X_TP_ExternalIPv6Address Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44827. PoCs published by full-disclosure.

AI-analyzed exploit summary This PoC exploits an authenticated remote code execution vulnerability in TP-Link Archer C20i routers by injecting a command into the X_TP_ExternalIPv6Address parameter, which spawns a telnet service for remote access. The exploit requires valid credentials and demonstrates successful command execution on the target device.

Description

There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.

Exploits (1)

nomisec WORKING POC 4 stars
by full-disclosure · poc
https://github.com/full-disclosure/CVE-2021-44827

This PoC exploits an authenticated remote code execution vulnerability in TP-Link Archer C20i routers by injecting a command into the X_TP_ExternalIPv6Address parameter, which spawns a telnet service for remote access. The exploit requires valid credentials and demonstrates successful command execution on the target device.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link Archer C20i (firmware versions before 20220217)
Auth required
Prerequisites: Network access to the target device · Valid admin credentials for the TP-Link router
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.tp-link.com/us/security
Exploit, Third Party Advisory x_refsource_misc
https://Full-Disclosure.eu

Scores

CVSS v3 8.8
EPSS 0.5396
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
tp-link/archer_c20i_firmware < 170221
Published Mar 04, 2022
Tracked Since Feb 18, 2026