Recently, ZDI disclosed the technical details of the TP-Link command injection vulnerability used in the Pwn2Own Tokyo competition. The vulnerability number of this vulnerability is CVE-2020-10882.
According to the ZDI analysis report, there is a command injection vulnerability in the binary program / usr / bin / tdpServer in the affected router. This binary program runs on the TP-Link Archer A7 (AC1750) router, hardware version 5, MIPS architecture, firmware version 190726. This vulnerability exists in the code of tdpServer and is used to handle the functions related to TP-Link onemesh. Onemesh is a proprietary function that TP-Link is responsible for Mesh implementation.
tdpServer opens UDP 20002 to communicate with external functions.
Controlling the value of slaveMac may cause command injection. Affected users should update the firmware version to TP-Link A7 (US) _V5_200220.
