Lucene search

[email protected]NVD:CVE-2021-41653

HistoryNov 13, 2021 - 3:15 p.m.

CVE-2021-41653

2021-11-1315:15:08

CWE-94

[email protected]

web.nvd.nist.gov

tp-link

tl-wr840n

router

ping function

rce vulnerability

remote code execution

ip address input field

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.947

Percentile

99.3%

JSON

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

Affected configurations

Nvd

Node

tp-linktl-wr840n_firmwareRange≤tl-wr840n\(eu\)_v5_171211

AND

tp-linktl-wr840nMatchv5

VendorProductVersionCPE
tp-linktl-wr840n_firmware*cpe:2.3:o:tp-link:tl-wr840n_firmware:*:*:*:*:*:*:*:*
tp-linktl-wr840nv5cpe:2.3:h:tp-link:tl-wr840n:v5:*:*:*:*:*:*:*