CVE-2021-41653 – TP-Link / TL-WR840N EU v5 – RCE

CVE-2021-41653 is a remote code execution (RCE) vulnerability impacting TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211. An exploit was observed in open source, a link to an exploit was shared in the underground and a walk through demo of an exploit was shared via YouTube. Additionally, security researchers claimed the vulnerability was exploited in the wild by the Dark Mirai botnet.

Summary:

CVE-2021-41653 is a remote code execution (RCE) vulnerability impacting TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211. An exploit was observed in open source, a link to an exploit was shared in the underground and a walk through demo of an exploit was shared via YouTube. Additionally, security researchers claimed the vulnerability was exploited in the wild by the Dark Mirai botnet.

PoC Links(if available):

Kamillo Matek : TP-Link TL-WR840N EU v5 Remote Code Execution –
https://k4m1ll0.com/cve-2021-41653.html

Known Counter Measures:

TP-Link addressed the vulnerability in a security advisory with updated versions.

Links to patches(if available)

https://www.tp-link.com/in/press/security-advisory/