Cyber Resilience

CVE-2023-27078

Critical · Public PoC · RCE

Published: 23 March 2023

Modified: 25 February 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0699 (91.7th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-27078 is a critical-severity Command Injection (CWE-77) vulnerability in TP-Link TL-MR3020 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 8.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A command injection vulnerability tracked as CVE-2023-27078 affects the TP-Link MR3020 router running firmware version 1_150921. The flaw resides in the tftp endpoint and stems from insufficient input validation, allowing an attacker to inject and execute operating-system commands through specially crafted network requests. It carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low complexity, and no required authentication or user interaction.

An unauthenticated remote attacker can send a malicious request to the tftp endpoint and obtain arbitrary command execution on the device. Successful exploitation grants full control over the router, enabling actions such as altering configuration, intercepting traffic, installing persistent malware, or using the device as a pivot point into attached networks.

Public references consist of a GitHub repository containing technical details and proof-of-concept material; no vendor advisory, firmware patch, or official mitigation guidance is referenced in the available sources. The associated EPSS score remains low, with a current value of 0.0699 and a peak of 0.0704, indicating limited observed exploitation interest since disclosure.

Vulnerability details

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.

CWE(s)

CWE-77 (Command Injection)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

tp-link · tl-mr3020 firmware · 1.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
