In the last post of the Hacking the TL-WPA4220 series, we are going to investigate a stack-based buffer overflow in the TL-WPA4220 (CVE-2020-28005) and try, unsuccessfully, to exploit it to achieve remote code execution (RCE) on the device. With this, we will finish the series.
In this post, I’m going to describe some vulnerabilities that I found a while ago, affecting the HTTP server of TP-Link’s Powerline Adapter/WiFi Extender TL-WPA4220 (hardware versions 2, 3, and 4). These flaws are two command injection vulnerabilities that can grant an attacker root access to the device (CVE-2020-24297), as well as a stack-based buffer overflow vulnerability that can be used to crash the HTTP service (CVE-2020-28005).