Published: 14/04/2021 Updated: 22/04/2021

CVSS v2 Base Score: 7.9 | Impact Score: 10 | Exploitability Score: 5.5

CVSS v3 Base Score: 8 | Impact Score: 5.9 | Exploitability Score: 2.1

VMScore: 703

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

This vulnerability allows network-adjacent malicious users to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link ac1750_firmware 1.0.15

Pwn2Own 2020 Tokyo Edition - TPlink exploit Here is the files used to exploit the TPlink Archer router during the Pwn2Own 2020 Tokyo The vulnerability has CVE-2021-27246 number You can check blogpost on the synacktiv website for the details wwwsynacktivcom/publications/pwn2own-tokyo-2020-defeating-the-tp-link-ac1750html

CWE-121 https://www.zerodayinitiative.com/advisories/ZDI-21-215/https://nvd.nist.gov https://github.com/synacktiv/CVE-2021-27246_Pwn2Own2020 https://www.zerodayinitiative.com/advisories/ZDI-21-215/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-27246

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect