TP-Link TL-WR840N - Command Injection

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

25 days 13 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

The TP-Link TL-WR840N(ES)_V6.20_180709 router contains a command injection vulnerability in the oal_setIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise.


References:

Remediation:
Update firmware to the latest version if available. If no firmware update is available,consider implementing network segmentation to limit access to the router's management interface.
Get started to protecting your digital assets