var-202101-0591
Vulnerability from variot

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. The firmware that TP-Link provides for the Wi-Fi router TL-WR841N hardware version V13 (JP) contains an OS command injection vulnerability (CWE-78). According to TP-Link, this vulnerability does not exist in the firmware for hardware version V14 (JP). Koh You Liang of Three Shake Co., Ltd. reported this vulnerability directly to the product developer, and after coordination with the developer it was announced on JVN to inform product users. A user who can log in to the product's web interface may execute OS commands that the firmware design does not intend. TP-Link TL-WR841N is a wireless router made by TP-Link, a company in China. Attackers can use this vulnerability to execute arbitrary commands on the system. The record below lists firmware earlier than 201216 as affected and gives TP-Link's V13 (JP) firmware download page as the patch source.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0591",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tl-wr841n",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "tp link",
        "version": "201216"
      },
      {
        "model": "tl-wr841n",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "tp link",
        "version": "v13 (jp) \u5411\u3051\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 201216"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:tp-link:tl-wr841n",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      }
    ]
  },
  "cve": "CVE-2020-35576",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2020-35576",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 8.5,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001010",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 8.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2021-20282",
            "impactScore": 8.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:C/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2020-35576",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001010",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-35576",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001010",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-20282",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-2044",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-35576",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. The firmware that TP-Link provides for the Wi-Fi router TL-WR841N hardware version V13 (JP) contains an OS command injection vulnerability (CWE-78). According to TP-Link, this vulnerability does not exist in the firmware for hardware version V14 (JP). Koh You Liang of Three Shake Co., Ltd. reported this vulnerability directly to the product developer, and after coordination with the developer it was announced on JVN to inform product users. A user who can log in to the product's web interface may execute OS commands that the firmware design does not intend. TP-Link TL-WR841N is a wireless router made by TP-Link, a company in China. Attackers can use this vulnerability to execute arbitrary commands on the system.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-35576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35576"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-35576",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU92444096",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010",
        "trust": 2.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35576",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "id": "VAR-202101-0591",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      }
    ],
    "trust": 1.01731602
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      }
    ]
  },
  "last_update_date": "2024-08-14T15:38:12.197000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Download TL-WR841N V13",
        "trust": 0.8,
        "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v13/"
      },
      {
        "title": "\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2 \u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u78ba\u8a8d\u306e\u3057\u304b\u305f",
        "trust": 0.8,
        "url": "https://www.tp-link.com/jp/support/faq/315/"
      },
      {
        "title": "Patch for Tp-link TL-WR841N injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/254146"
      },
      {
        "title": "Tp-link TL-WR841N Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=140022"
      },
      {
        "title": "TL_WR841N",
        "trust": 0.1,
        "url": "https://github.com/bussy1/TL_WR841N "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2020-35576 "
      },
      {
        "title": "Vulnerability",
        "trust": 0.1,
        "url": "https://github.com/tzwlhack/Vulnerability "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/KayCHENvip/vulnerability-poc "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://jvn.jp/en/vu/jvnvu92444096/"
      },
      {
        "trust": 1.7,
        "url": "https://www.tp-link.com/us/security"
      },
      {
        "trust": 1.7,
        "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#firmware"
      },
      {
        "trust": 1.2,
        "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-001010.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-35576"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu92444096"
      },
      {
        "trust": 0.8,
        "url": "https://isopach.dev/cve-2020-35576/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35576"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/bussy1/tl_wr841n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-35576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-21T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "date": "2021-01-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-35576"
      },
      {
        "date": "2021-01-25T06:06:59",
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "date": "2021-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      },
      {
        "date": "2021-01-26T18:15:54.223000",
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-20282"
      },
      {
        "date": "2023-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-35576"
      },
      {
        "date": "2021-01-25T06:06:59",
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      },
      {
        "date": "2022-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      },
      {
        "date": "2023-02-02T19:58:07.720000",
        "db": "NVD",
        "id": "CVE-2020-35576"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OS command injection vulnerability in TP-Link TL-WR841N V13 (JP)",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001010"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-2044"
      }
    ],
    "trust": 0.6
  }
}

