CVE-2020-36178

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.

oal_ipt_addBridgeIsolationRules en dispositivos TP-Link TL-WR840N versión 6_EU_0.9.1_4.16, permite una inyección de comandos del Sistema Operativo porque una cadena sin procesar ingresada desde la interfaz web (un campo de dirección IP) es usada directamente para una llamada a la función de biblioteca del sistema (para iptables)

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-06 CVE Reserved
2021-01-06 CVE Published
2024-08-04 CVE Updated
2024-08-04 First Exploit
2024-09-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://github.com/therealunicornsecurity/therealunicornsecurity.github.io/blob/master/_posts/2020-10-11-TPLink.md	2024-08-04
https://therealunicornsecurity.github.io/TPLink	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://www.tp-link.com/fr/support/download/tl-wr840n/v6/#Firmware	2021-01-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tp-link Search vendor "Tp-link"	Tl-wr840n Firmware Search vendor "Tp-link" for product "Tl-wr840n Firmware"	6_eu_0.9.1_4.16 Search vendor "Tp-link" for product "Tl-wr840n Firmware" and version "6_eu_0.9.1_4.16"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr840n Search vendor "Tp-link" for product "Tl-wr840n"	-	-	Safe