Lucene search
PRIOn knowledge basePRION:CVE-2020-28347HistoryNov 08, 2020 - 8:15 p.m.
Code injection
2020-11-0820:15:00
PRIOn knowledge base
www.prio-n.com
5
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ac1750_firmware | lt | 201029 |
References
github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/lao_bomb/lao_bomb.md
github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/minesweeper.md
github.com/rapid7/metasploit-framework/pull/14365
github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2019/lao_bomb.md
github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2020/minesweeper.md
Related
cvelist
cvelist
CVE-2020-28347
2020-11-08 20:00:39
CVE-2020-10882
2020-03-25 19:15:23
nvd
nvd
CVE-2020-28347
2020-11-08 20:15:11
CVE-2020-10882
2020-03-25 21:15:11
cve
cve
CVE-2020-28347
2020-11-08 20:15:11
CVE-2020-10882
2020-03-25 21:15:11
cnvd
cnvd
TP-Link Archer A7 AC1750 Command Injection Vulnerability
2020-11-16 00:00:00
zdi
zdi
prion
prion
Design/Logic Flaw
2020-03-25 21:15:00
checkpoint_advisories
checkpoint_advisories
zdt
zdt
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution Exploit
2020-04-16 00:00:00
packetstorm
packetstorm
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
2020-04-15 00:00:00