CVE-2017-8220
Severity: Unknown | EPSS 36.34%
Last modified
CVE-2017-8220 is a vulnerability of currently unknown severity. TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. EPSS estimates a 36.34% chance of exploitation in the next 30 days.
Description
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| TP-Link | C2 Firmware | <= 0.9.1_4.2_v0032.0_build_160706 | Rel.37961n |
| TP-Link | C20i Firmware | <= 0.9.1_4.2_v0032.0_build_160706 | Rel.37961n |
References
- https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html (Exploit, Technical Description, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-8220?
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
How severe is CVE-2017-8220?
Severity scoring for CVE-2017-8220 is pending analysis. The EPSS model estimates a 36.34% probability of exploitation in the next 30 days.
How do I fix CVE-2017-8220?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
