Remote Command Execution Vulnerability in TP-Link TL-WR849N 0.9.1 4.16 Diagnostics Panel

Remote Command Execution Vulnerability in TP-Link TL-WR849N 0.9.1 4.16 Diagnostics Panel

CVE-2020-9374 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

Learn more about our Web Application Penetration Testing UK.