CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 3CVE-2021-44827
https://notcve.org/view.php?id=CVE-2021-44827
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. Se ha detectado una inyección de comandos del Sistema Operativo autenticado en dispositivos TP-Link Archer C20i 0.9.1 3.2 versión v003a.0 Build 170221 Rel.55462n, mediante el parámetro HTTP X_TP_ExternalIPv6Address, permitiendo a un atacante remoto ejecutar comandos arbitrarios en el router con privilegios de root • https://github.com/full-disclosure/CVE-2021-44827 https://Full-Disclosure.eu https://full-disclosure.eu/reports/2022/CVE-2021-44827-tplink-authenticated-remote-code-execution.html https://www.tp-link.com/us/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •