CVE-2020-35576
CVE-2020-35576
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 42.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
25 Jan 2021Published on NVD
24 Jun 2021Public PoC
Weaponization speed
150 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/50058unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.