CVE-2020-10882: TP-Link Command Injection Vulnerability Alert

Recently, ZDI disclosed the technical details of a TP-Link command injection vulnerability used in the Pwn2Own Tokyo competition. The vulnerability is tracked as CVE-2020-10882.

According to the ZDI analysis report, the command injection vulnerability exists in the binary /usr/bin/tdpServer on the affected router. The binary runs on the TP-Link Archer A7 (AC1750) router, hardware version 5, MIPS architecture, firmware version 190726. The flaw is in tdpServer's code for handling TP-Link OneMesh functions. OneMesh is TP-Link's proprietary mesh implementation.

tdpServer listens on UDP port 20002 to communicate with external functions.

When the value of slaveMac is attacker-controlled, it can cause command injection. Affected users should update the firmware to TP-Link A7 (US) _V5_200220.
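
The following is an added example, not code from tdpServer, TP-Link or the ZDI report. It shows one way a service can neutralise a field like slaveMac before it is used anywhere near a command: parse it strictly as a MAC address and pass on only a string rebuilt from the parsed bytes. The function names are hypothetical, and it assumes slaveMac is meant to carry a colon- or hyphen-separated MAC address.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from tdpServer): parse an untrusted slaveMac
 * string as exactly six colon- or hyphen-separated hex octets.
 * Returns 0 and fills out[6] on success, -1 on any deviation. */
int parse_slave_mac(const char *in, unsigned char out[6])
{
    if (in == NULL || strlen(in) != 17)
        return -1;                      /* "XX:XX:XX:XX:XX:XX" is 17 chars */
    char sep = in[2];
    if (sep != ':' && sep != '-')
        return -1;
    for (int i = 0; i < 6; i++) {
        const char *p = in + i * 3;
        if (!isxdigit((unsigned char)p[0]) || !isxdigit((unsigned char)p[1]))
            return -1;                  /* rejects ';', quotes, spaces, ... */
        if (i < 5 && p[2] != sep)
            return -1;                  /* separators must be consistent */
        char hex[3] = { p[0], p[1], '\0' };
        out[i] = (unsigned char)strtoul(hex, NULL, 16);
    }
    return 0;
}

/* Re-emit the MAC from the parsed bytes, so downstream code never sees
 * the untrusted input string. dst must hold at least 18 bytes. */
int canonical_slave_mac(const char *in, char *dst, size_t dstlen)
{
    unsigned char mac[6];
    if (dstlen < 18 || parse_slave_mac(in, mac) != 0)
        return -1;
    snprintf(dst, dstlen, "%02X:%02X:%02X:%02X:%02X:%02X",
             mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "00-1a-2b-3c-4d-5e", "00:1A:2B:3C:4D:5E;id", "';reboot;'" };
    char buf[18];
    for (size_t i = 0; i < 3; i++)
        printf("%-24s -> %s\n", samples[i],
               canonical_slave_mac(samples[i], buf, sizeof buf) == 0 ? buf : "rejected");
    return 0;
}
```

Even with this validation in place, passing the value as a separate argument to an exec-style call rather than through a shell removes the injection path entirely.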