ZDI-20-339: (Pwn2Own) TP-Link Archer A7 tmpServer Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TP-Link Archer A7 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of ZDI-20-339?
The severity of ZDI-20-339 is critical due to the potential for remote code execution without authentication.
How do I fix ZDI-20-339?
To fix ZDI-20-339, update your TP-Link Archer A7 router firmware to the latest version provided by the manufacturer.
What type of attack can leverage ZDI-20-339?
ZDI-20-339 can be exploited by remote attackers to execute arbitrary code on the affected TP-Link Archer A7 router.
Which devices are affected by ZDI-20-339?
The devices affected by ZDI-20-339 are TP-Link Archer A7 AC1750 routers.
Is authentication required to exploit ZDI-20-339?
No, authentication is not required to exploit the ZDI-20-339 vulnerability.
- agent/title
- agent/type
- agent/event
- agent/softwarecombine
- agent/tags
- collector/zdi-advisory
- alias/ZDI-20-339
- alias/ZDI-CAN-9662
- alias/CVE-2020-10886
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/description
- vendor/tp-link
- canonical/tp-link archer a7 firmware