CVE-2020-28347

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:ac1750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:ac1750:a7:*:*:*:*:*:*:*

Information

Published : 2020-11-08 12:15

Updated : 2021-07-21 04:39


NVD link : CVE-2020-28347

Mitre link : CVE-2020-28347


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

tp-link

  • ac1750_firmware
  • ac1750