CVE-2021-44827

Name of the Vulnerable Software and Affected Versions TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n

Description The issue concerns a remote authenticated OS command injection, allowing a remote attacker to run arbitrary commands on the router with root privileges. This is achieved via the X TP ExternalIPv6Address HTTP parameter. The vulnerability is related to the lack of measures to neutralize special elements used in the operating system command when processing the X TP ExternalIPv6Address parameter. Exploitation can be done by sending a specially crafted web request through tcp-port 1024.

Recommendations For TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n, consider disabling the X TP ExternalIPv6Address parameter until a patch is available to prevent exploitation. Restrict access to the vulnerable HTTP parameter to minimize the risk of arbitrary command execution. Avoid using the X TP ExternalIPv6Address parameter in HTTP requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.