CVE-2021-27245

HIGH Year: 2021
CVSS v3 Score
8.1
High
CVSS v2 Score
9.3
Critical
Weakness Type
CWE-693
View all →

Vulnerability Description

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309.

Related Vulnerabilities

CVE-2020-10887

HIGH
CVSS:8.1(High)

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specif...

CWE-6932020

CVE-2024-56181

HIGH
CVSS:8.2(High)

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All version...

CWE-6932024

CVE-2024-56182

HIGH
CVSS:8.2(High)

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versio...

CWE-6932024

CVE-2025-21384

HIGH
CVSS:8.3(High)

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

CWE-6932025

CVE-2017-6261

HIGH
CVSS:7.8(High)

NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosu...

CWE-6932017