CVE-2017-8220

Name of the Vulnerable Software and Affected Versions TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n

Description The issue allows remote code execution with a single HTTP request. This can be achieved by placing shell commands in a host= line within HTTP POST data.

Recommendations For TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n, consider restricting access to the HTTP POST endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the host parameter in HTTP POST requests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.