CVE-2021-44827

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
04/03/2022
Last modified:
15/03/2022

Description

There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:tp-link:archer_c20i_firmware:*:*:*:*:*:*:*:* 170221 (including)
cpe:2.3:h:tp-link:archer_c20i:-:*:*:*:*:*:*:*