Description
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be able to modify account settings and gain elevated administrative privileges.
Problem types
CWE-93 Improper neutralization of CRLF sequences ('CRLF injection')
Product status
Any version before 0.16.0 2.0.0 v6092.0 Build 260521 RC.7927n
Credits
Klamm9
References
www.tp-link.com/en/support/download/archer-vx1800v/
www.tp-link.com/us/support/faq/5189/