← back
CVE-2020-35576

CVE-2020-35576

EPSS 42.3%
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 42.3%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
25 Jan 2021Published on NVD
24 Jun 2021Public PoC
Weaponization speed
150 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.