QwikSec

Security Database

CVE

CWE

Training

CVE-2020-36178

Published: Jan 6, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.tp-link.com/fr/support/download/tl-wr840n/v6/#Firmware

x_refsource_MISC

https://therealunicornsecurity.github.io/TPLink/

x_refsource_MISC

https://github.com/therealunicornsecurity/therealunicornsecurity.github.io/blob/master/_posts/2020-10-11-TPLink.md

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2020-36178 - Security Vulnerability | QwikSec