CVE-2020-9374

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR849N versions 0.9.1 4.16

Description The issue is related to the lack of measures to neutralize special elements used in operating system commands, which can be exploited by a remote attacker to execute arbitrary commands using special shell metacharacters. Specifically, the vulnerability can be exploited in the diagnostics area when an attacker sends specific shell metacharacters to the panel's traceroute feature.

Recommendations For TP-Link TL-WR849N versions 0.9.1 4.16, as a temporary workaround, consider restricting access to the diagnostics area and the traceroute feature to minimize the risk of exploitation. Avoid using the traceroute feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.