CVE-2021-27245

TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability

  • Severity Score: 8.1 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309.

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.

*Credits: Team FLASHBACK: Pedro Ribeiro (@pedrib1337 | pedrib@gmail.com) + Radek Domanski (@RabbitPro)

CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-02-16 CVE Reserved
  • 2021-02-24 CVE Published
  • 2023-12-27 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-693: Protection Mechanism Failure
Affected Vendors, Products, and Versions
  • Vendor: Tp-link; Product: Archer A7 Firmware; Version: < c7\(us\)_v5_210125; Other: -; Status: Affected
      in Vendor: Tp-link; Product: Archer A7; Version: --; Status: Safe
  • Vendor: Tp-link; Product: Archer A7 Firmware; Version: < a7\(us\)_v5_200220; Other: -; Status: Affected
      in Vendor: Tp-link; Product: Archer A7; Version: --; Status: Safe