cbcvebase.
CVE-2020-9374
published 2020-02-24

Priority: P1 88, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW, EXPLOIT, VulnCheck KEV (exploited in the wild)
EPSS: 42.05% (98.5th percentile)

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

Affected

1 range

Vendor | Product | Version range | Fixed in
tp-link | tl-wr849n_firmware | |

Detection & IOCs (extracted from sources)

  • The exploit targets the default gateway IP 192.168.0.1; detection rules using this IP will only apply to LAN-side/local network traffic and will not fire on routed/internet traffic. Adjust rules to match the management interface IP of deployed TP-Link devices.
  • The exploit requires valid credentials (Base64-encoded Authorization cookie). Unauthenticated exploitation is not demonstrated; ensure credential theft or default credential use is also monitored as a precursor.
  • Affected version is specifically TL-WR849N 0.9.1 4.16; detection should be scoped or annotated accordingly, as other firmware versions may not be vulnerable.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck | 9.8 | CRITICAL