What is CVE-2020-28347?

CVE-2020-28347 is a vulnerability in N/a. Published 2020-11-08.

Is CVE-2020-28347 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-28347

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mi…

EPSS: 0.826 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/minesweeper.md (x_refsource_MISC)
github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tok… (x_refsource_MISC)
github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/lao_bomb/lao_bo… (x_refsource_MISC)
github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tok… (x_refsource_MISC)
github.com/rapid7/metasploit-framework/pull/14365 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-28347?: CVE-2020-28347 is a vulnerability in N/a. Published 2020-11-08.
Is CVE-2020-28347 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.