The vulnerability in the implementation of the util_execSystem() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the utilexecSystem function in the libcmm.so module of the TP-Link TL-WR840N ES router’s software lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...

CVE-2020-36178

oaliptaddBridgeIsolationRules on TP-Link TL-WR840N 6EU0.9.14.16 devices allows OS command injection because a raw string entered from the web interface an IP address field is used directly for a call to the system library function for iptables. NOTE: oaliptaddBridgeIsolationRules is not the only...