Unrated severityNVD Advisory· Published Jan 6, 2021· Updated Aug 4, 2024
CVE-2020-36178
CVE-2020-36178
Description
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- TP-Link/TL-WR840Ndescription
Patches
Vulnerability mechanics
References
3- github.com/therealunicornsecurity/therealunicornsecurity.github.io/blob/master/_posts/2020-10-11-TPLink.mdmitrex_refsource_MISC
- therealunicornsecurity.github.io/TPLink/mitrex_refsource_MISC
- www.tp-link.com/fr/support/download/tl-wr840n/v6/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.