APP: TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution

This signature detects attempts to exploit a known vulnerability against TP-Link Archer A7/C7. A successful attack can lead to remote code execution.

Extended Description

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

References

CVE: CVE-2020-28347

Short Name: APP:MISC:TP-LINK-ARCHER-A7-CE

Severity: Major

Recommended: False

Recommended Action: Drop

Category: APP

Keywords: A7/C7 Archer CVE-2020-10882 CVE-2020-10883 CVE-2020-10884 CVE-2020-28347 Code Execution LAN Remote TP-Link Unauthenticated

Release Date: 06/04/2021
Supported Platforms: srx-branch-12.3, srx-19.3, srx-branch-19.3, vsrx3bsd-19.2, srx-branch-19.4, vsrx-19.4, mx-12.3, mx-19.4, vmx-19.4, mx-19.3, vsrx3bsd-19.4, srx-19.4, vsrx-12.3, vmx-19.3, vsrx-19.2, srx-12.3

Sigpack Version: 3590

Port: UDP/20002

False Positive: Unknown

CVSS Score: 8.3, 4.6, 10.0, 5.8
