CVE-2020-9375

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to cause a denial of service (DoS) on TP-Link Archer C50 V3 routers by sending HTTP requests with a specially crafted Referer header. The attack crashes the device, requiring a physical reboot. Only TP-Link Archer C50 V3 devices with firmware versions before Build 200318 Rel. 62209 are affected.

💻 Affected Systems

Products:
  • TP-Link Archer C50 V3
Versions: All firmware versions before Build 200318 Rel. 62209
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the V3 hardware version of Archer C50. Web interface must be accessible for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

The router becomes completely unresponsive and requires a physical power cycle to restore functionality, disrupting all network connectivity for connected devices.

🟠 Likely Case

The router crashes and becomes inaccessible until it is manually rebooted, causing a temporary network outage.

🟢 If Mitigated

If patched, no impact. If network controls block malicious traffic, minimal impact.

🌐 Internet-Facing: HIGH - The attack can be performed remotely from the internet, without authentication, if the router's web interface is exposed.
🏢 Internal Only: MEDIUM - The attack requires access to the internal network, but still causes service disruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request with crafted Referer header. Public exploit scripts available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Build 200318 Rel. 62209 or later

Vendor Advisory: https://www.tp-link.com/in/support/download/archer-c50/v3/#Firmware

Restart Required: Yes

Instructions:

  1. Download the latest firmware from the TP-Link support page.
  2. Log into the router web interface.
  3. Navigate to System Tools > Firmware Upgrade.
  4. Upload the firmware file.
  5. Wait for the upgrade to complete.
  6. The router will reboot automatically.

🔧 Temporary Workarounds

Disable Remote Management

Prevent external access to router web interface

Network Segmentation

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

  • Implement network firewall rules to block HTTP requests with abnormal Referer headers
  • Monitor router for unexpected reboots or crashes and maintain physical access for manual recovery

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the router web interface under System Tools > Firmware Upgrade. If the version is older than Build 200318 Rel. 62209, the device is vulnerable.

Check Version:

No CLI command. Check via web interface at http://router_ip or via TP-Link Tether app.

Verify Fix Applied:

After the firmware update, verify that the version shows Build 200318 Rel. 62209 or newer in the web interface.

📡 Detection & Monitoring

Log Indicators:

  • Router crash/reboot logs
  • HTTP requests with malformed Referer headers in access logs

Network Indicators:

  • HTTP requests to router management interface with crafted Referer field
  • Sudden loss of router connectivity

SIEM Query:

http.method:POST AND http.referer:* AND destination.ip:router_ip AND (http.referer.length > 100 OR http.referer contains special characters)
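The query above is schematic, so here is the same Referer check as an added example (not part of the original advisory) that scans access-log lines for abnormal Referer values. Assumptions: the log is in combined format from a hypothetical proxy or sensor in front of the router's web interface, "special characters" means anything outside the RFC 3986 URL character set, requests are checked regardless of method, and all sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

MAX_REFERER_LEN = 100  # threshold taken from the SIEM query on this page
# Assumption: "special characters" means anything outside the RFC 3986 URL set.
URL_CHARS = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]*$")
LINE = re.compile(  # combined log format (assumed), Referer is the first quoted field after the size
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ \S+ [^"]*" \d{3} \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?:[^"\\]|\\.)*"$'
)

def referer_findings(referer):
    """Return the reasons a Referer value looks abnormal (empty list = normal)."""
    if referer in ("", "-"):  # header absent: nothing to judge
        return []
    reasons = []
    if len(referer) > MAX_REFERER_LEN:
        reasons.append("length>%d" % MAX_REFERER_LEN)
    if not URL_CHARS.match(referer):  # also catches \xNN-escaped raw bytes
        reasons.append("non-URL characters")
    try:
        parts = urlsplit(referer)
        is_url = parts.scheme in ("http", "https") and bool(parts.netloc)
    except ValueError:  # e.g. unbalanced IPv6 brackets
        is_url = False
    if not is_url:
        reasons.append("not an absolute http(s) URL")
    return reasons

def scan(lines):
    """Return (source_ip, timestamp, reasons) for each suspicious log line."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # lines that do not parse are skipped, not flagged
            reasons = referer_findings(m.group("referer"))
            if reasons:
                hits.append((m.group("src"), m.group("ts"), reasons))
    return hits

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLE = [
    '192.0.2.10 - - [01/Apr/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "http://192.168.0.1/" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Apr/2020:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Apr/2020:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "http://192.168.0.1/' + "A" * 200 + '" "curl/7.68.0"',
    '203.0.113.9 - - [01/Apr/2020:10:00:09 +0000] "POST / HTTP/1.1" 200 512 "\\x00\\x01\\x02" "-"',
]
if __name__ == "__main__":
    for src, ts, reasons in scan(SAMPLE):
        print(src, ts, ", ".join(reasons))
```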
