CVE-2021-42232
https://notcve.org/view.php?id=CVE-2021-42232
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router. TP-Link Archer A7 Archer versión A7(US)_V5_210519, está afectado por una vulnerabilidad de inyección de comandos en /usr/bin/tddp. La vulnerabilidad es causada por el programa que toma parte del paquete de datos recibido como parte del comando. • http://archer.com http://tp-link.com https://github.com/mQaLeX/IoT/blob/main/tp-link/Archer%20A7%28US%29_V5_20519_tddp.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-27245 – TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-27245
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-21-214 • CWE-693: Protection Mechanism Failure •