tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
2020-11-08T20:15:11.793
2024-11-21T05:22:38.740
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | tp-link | ac1750_firmware | < 201029 | Yes |
Hardware | tp-link | ac1750 | a7 | No |