TP-Link · TP-Link TL-WPA4220 · CVE-2020-24297
**Name of the Vulnerable Software and Affected Versions**
TP-Link TL-WPA4220 versions 2 through 4
**Description**
The httpd daemon on TP-Link TL-WPA4220 devices fails to neutralize special elements used in an operating system command. A remote authenticated user can therefore execute arbitrary OS commands by sending a crafted POST request to the "/admin/powerline" endpoint.
**Recommendations**
For versions 2 through 4, update to the fixed version TL-WPA4220(EU) V4 201023 to resolve the issue. As a temporary workaround, consider restricting access to the "/admin/powerline" endpoint until the update is applied.