Security Advisory

CVE-2020-36178

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-06 20:57:57

Last updated 2024-08-04 17:23:09

Assigner mitre

State PUBLISHED

Description

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.

← Browse all CVEs View on cve.org ↗