Vulnerability-Lookup

CVE-2020-9374 (GCVE-0-2020-9374)

Vulnerability from cvelistv5 – Published: 2020-02-24 18:57 – Updated: 2024-08-04 10:26

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2020-9374

Vulnerability from fkie_nvd - Published: 2020-02-24 19:15 - Updated: 2024-11-21 05:40

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://fireshellsecurity.team/hack-n-routers/	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/ElberTavares/routers-exploit/tree/master/tp-link	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://fireshellsecurity.team/hack-n-routers/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/ElberTavares/routers-exploit/tree/master/tp-link	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	tp-link	tl-wr849n_firmware	0.9.1_4.16
	tp-link	tl-wr849n	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:tp-link:tl-wr849n_firmware:0.9.1_4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDA3435-5AEF-408A-B3FB-118B0F5F16FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:tp-link:tl-wr849n:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BC7C22-5455-4394-BAD5-F03122DDC732",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel\u0027s traceroute feature."
    },
    {
      "lang": "es",
      "value": "En los dispositivos TP-Link TL-WR849N versi\u00f3n 0.9.1 4.16, una vulnerabilidad de ejecuci\u00f3n de comandos remota en el \u00e1rea de diagn\u00f3stico puede ser explotada cuando un atacante env\u00eda metacaracteres de shell espec\u00edficos hacia la funcionalidad traceroute del panel."
    }
  ],
  "id": "CVE-2020-9374",
  "lastModified": "2024-11-21T05:40:30.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-24T19:15:14.183",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fireshellsecurity.team/hack-n-routers/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://fireshellsecurity.team/hack-n-routers/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-13890

Vulnerability from cnvd - Published: 2020-02-27

Title

TP-Link TL-WR849N命令执行漏洞

Description

TP-LINK TL-WR849N是一款300mbps WiFi路由器。 TP-Link TL-WR849N 0.9.1 4.16版本中的诊断区域存在安全漏洞。攻击者可通过向仪表盘的路由跟踪功能发送shell元字符利用该漏洞执行命令。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://www.tp-link.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-9374

Impacted products

Name
TP-LINK TL-WR849N 0.9.1 4.16

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-9374"
    }
  },
  "description": "TP-LINK TL-WR849N\u662f\u4e00\u6b3e300mbps WiFi\u8def\u7531\u5668\u3002\n\nTP-Link TL-WR849N 0.9.1 4.16\u7248\u672c\u4e2d\u7684\u8bca\u65ad\u533a\u57df\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u4eea\u8868\u76d8\u7684\u8def\u7531\u8ddf\u8e2a\u529f\u80fd\u53d1\u9001shell\u5143\u5b57\u7b26\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.tp-link.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-13890",
  "openTime": "2020-02-27",
  "products": {
    "product": "TP-LINK TL-WR849N 0.9.1 4.16"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-9374",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-25",
  "title": "TP-Link TL-WR849N\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

BDU:2020-05764

Vulnerability from fstec - Published: 20.11.2019

Title

Уязвимость микропрограммного обеспечения маршрутизаторов TP-LINK TL-WR849N, связанная с непринятием мер по нейтрализации специальных элементов, используемых в командах операционной системы. позволяющая нарушителю выполнить произвольные команды

Description

Уязвимость микропрограммного обеспечения маршрутизаторов TP-LINK TL-WR849N связана с непринятием мер по нейтрализации специальных элементов, используемых в командах операционной системы. Эксплуатация уязвимости может позволить нарушителю, действующеуму удаленно, выполнить произвольные команды с помощью специальных метасимволов оболочки

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

TP-Link Technologies Co Ltd.

Software Name

TL-WR849N

Software Version

0.9.1 4.16 (TL-WR849N)

Possible Mitigations

Использование рекомендаций: https://www.tp-link.com/ru/support/download/tl-wr849n/

Reference

https://exploit.kitploit.com/2020/03/tp-link-tl-wr849n-remote-code-execution.html https://www.tp-link.com/ru/support/download/tl-wr849n/

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "TP-Link Technologies Co Ltd.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "0.9.1 4.16 (TL-WR849N)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.tp-link.com/ru/support/download/tl-wr849n/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.11.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "22.12.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.12.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-05764",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-9374",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "TL-WR849N",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 TP-LINK TL-WR849N, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 TP-LINK TL-WR849N \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0443\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0435\u0442\u0430\u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 \u043e\u0431\u043e\u043b\u043e\u0447\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://exploit.kitploit.com/2020/03/tp-link-tl-wr849n-remote-code-execution.html\nhttps://www.tp-link.com/ru/support/download/tl-wr849n/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

GSD-2020-9374

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-9374

Aliases

CVE-2020-9374

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-9374",
    "description": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel\u0027s traceroute feature.",
    "id": "GSD-2020-9374",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2020-9374"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-9374"
      ],
      "details": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel\u0027s traceroute feature.",
      "id": "GSD-2020-9374",
      "modified": "2023-12-13T01:21:52.509807Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-9374",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel\u0027s traceroute feature."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://fireshellsecurity.team/hack-n-routers/",
            "refsource": "MISC",
            "url": "https://fireshellsecurity.team/hack-n-routers/"
          },
          {
            "name": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link",
            "refsource": "MISC",
            "url": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link"
          },
          {
            "name": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:tp-link:tl-wr849n_firmware:0.9.1_4.16:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:tp-link:tl-wr849n:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9374"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel\u0027s traceroute feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fireshellsecurity.team/hack-n-routers/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://fireshellsecurity.team/hack-n-routers/"
            },
            {
              "name": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link"
            },
            {
              "name": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-01-01T19:29Z",
      "publishedDate": "2020-02-24T19:15Z"
    }
  }
}

VAR-202002-1073

Vulnerability from variot - Updated: 2024-11-23 22:25

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. TP-LINK TL-WR849N On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-LINK TL-WR849N is a 300mbps WiFi router.

TP-Link TL-WR849N 0.9.1 version 4.16 has a security vulnerability in the diagnostic area

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "tl-wr849n",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": "0.9.1_4.16"
      },
      {
        "_id": null,
        "model": "tl-wr849n",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "tp link",
        "version": "0.9.1 4.16"
      },
      {
        "_id": null,
        "model": "tl-wr849n",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tp link",
        "version": "0.9.14.16"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9374"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wr849n_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Elber Tavares",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-9374",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-9374",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002254",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-13890",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-9374",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002254",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-9374",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002254",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-13890",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-1132",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-9374",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9374"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel\u0027s traceroute feature. TP-LINK TL-WR849N On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. TP-LINK TL-WR849N is a 300mbps WiFi router. \n\r\n\r\nTP-Link TL-WR849N 0.9.1 version 4.16 has a security vulnerability in the diagnostic area",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9374"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "_id": null,
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=48155",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-9374"
      }
    ]
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9374",
        "trust": 3.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156584",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254",
        "trust": 0.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "48155",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9374",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9374"
      }
    ]
  },
  "id": "VAR-202002-1073",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890"
      }
    ],
    "trust": 1.2666667
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:25:36.365000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "TL-WR849N",
        "trust": 0.8,
        "url": "https://www.tp-link.com/br/home-networking/wifi-router/tl-wr849n/"
      },
      {
        "title": "routers-exploit",
        "trust": 0.1,
        "url": "https://github.com/ElberTavares/routers-exploit "
      },
      {
        "title": "poc",
        "trust": 0.1,
        "url": "https://github.com/huike007/poc "
      },
      {
        "title": "Penetration_Testing_POC",
        "trust": 0.1,
        "url": "https://github.com/hasee2018/Penetration_Testing_POC "
      },
      {
        "title": "Penetration_PoC",
        "trust": 0.1,
        "url": "https://github.com/CnHack3r/Penetration_PoC "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/password520/Penetration_PoC "
      },
      {
        "title": "gongkaishouji",
        "trust": 0.1,
        "url": "https://github.com/yedada-wei/gongkaishouji "
      },
      {
        "title": "-",
        "trust": 0.1,
        "url": "https://github.com/yedada-wei/- "
      },
      {
        "title": "Penetration_Testing_POC",
        "trust": 0.1,
        "url": "https://github.com/YIXINSHUWU/Penetration_Testing_POC "
      },
      {
        "title": "Penetration_Testing_POC",
        "trust": 0.1,
        "url": "https://github.com/Mr-xn/Penetration_Testing_POC "
      },
      {
        "title": "penetration_poc",
        "trust": 0.1,
        "url": "https://github.com/huike007/penetration_poc "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/gotosec/Penetration_Testing_POC "
      },
      {
        "title": "SecBooks",
        "trust": 0.1,
        "url": "https://github.com/SexyBeast233/SecBooks "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-9374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9374"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "https://fireshellsecurity.team/hack-n-routers/"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9374"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/elbertavares/routers-exploit/tree/master/tp-link"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/156584/tp-link-tl-wr849n-remote-code-execution.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9374"
      },
      {
        "trust": 0.7,
        "url": "https://www.exploit-db.com/exploits/48155"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/yedada-wei/gongkaishouji"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9374"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-13890",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9374",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9374",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-13890",
        "ident": null
      },
      {
        "date": "2020-02-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9374",
        "ident": null
      },
      {
        "date": "2020-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002254",
        "ident": null
      },
      {
        "date": "2020-02-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1132",
        "ident": null
      },
      {
        "date": "2020-02-24T19:15:14.183000",
        "db": "NVD",
        "id": "CVE-2020-9374",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2020-03-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-13890",
        "ident": null
      },
      {
        "date": "2022-01-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9374",
        "ident": null
      },
      {
        "date": "2020-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002254",
        "ident": null
      },
      {
        "date": "2022-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-1132",
        "ident": null
      },
      {
        "date": "2024-11-21T05:40:30.577000",
        "db": "NVD",
        "id": "CVE-2020-9374",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "TP-LINK TL-WR849N On the device  OS Command injection vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002254"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-1132"
      }
    ],
    "trust": 0.6
  }
}

GHSA-MXXH-W2WW-44FP

Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-05-24 17:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-9374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-24T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel\u0027s traceroute feature.",
  "id": "GHSA-mxxh-w2ww-44fp",
  "modified": "2022-05-24T17:09:35Z",
  "published": "2022-05-24T17:09:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9374"
    },
    {
      "type": "WEB",
      "url": "https://fireshellsecurity.team/hack-n-routers"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ElberTavares/routers-exploit/tree/master/tp-link"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156584/TP-Link-TL-WR849N-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-9374 (GCVE-0-2020-9374)

FKIE_CVE-2020-9374

CNVD-2020-13890

BDU:2020-05764

GSD-2020-9374

VAR-202002-1073

GHSA-MXXH-W2WW-44FP

Tags

Sightings

Nomenclature