CVE-2021-27245

8.1 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass firewall protections on TP-Link Archer A7 and C7 routers by exploiting improper IPv6 SSH connection filtering. Attackers can combine this with other vulnerabilities to execute arbitrary code with root privileges. Affected users are those running vulnerable firmware versions on these specific router models.

💻 Affected Systems

Products:
  • TP-Link Archer A7 AC1750
  • TP-Link Archer C7 AC1750
Versions: Archer A7(US)_V5 versions before 200220, Archer C7(US)_V5 versions before 210125
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is specific to IPv6 handling; routers with IPv6 enabled are vulnerable in their default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing root-level remote code execution, enabling attackers to intercept traffic, modify router settings, pivot to internal networks, or install persistent malware.

🟠 Likely Case

Firewall bypass allowing unauthorized network access, potentially leading to internal network reconnaissance and lateral movement opportunities.

🟢 If Mitigated

Limited impact if IPv6 is disabled or proper network segmentation isolates the router from critical systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires combination with other vulnerabilities for full RCE; firewall bypass alone provides network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Archer A7(US)_V5_200220 or later, Archer C7(US)_V5_210125 or later

Vendor Advisory: https://www.tp-link.com/us/support/download/

Restart Required: Yes

Instructions:

1. Log into router admin interface.
2. Navigate to System Tools > Firmware Upgrade.
3. Download latest firmware from TP-Link support site.
4. Upload and install firmware.
5. Reboot router.

🔧 Temporary Workarounds

Disable IPv6

all

Completely disable IPv6 functionality on the router to prevent exploitation

Restrict SSH Access

all

Configure firewall rules to restrict SSH access to trusted IP addresses only

🧯 If You Can't Patch

  • Isolate router on separate VLAN with strict firewall rules
  • Implement network monitoring for unusual IPv6 SSH traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under System Tools > Firmware Upgrade

Check Version:

Login to router web interface and check firmware version in System Tools section

Verify Fix Applied:

Confirm firmware version is Archer A7(US)_V5_200220 or later for A7, or Archer C7(US)_V5_210125 or later for C7

📡 Detection & Monitoring

Log Indicators:

  • Unusual IPv6 SSH connection attempts
  • Firewall rule bypass events
  • Unexpected configuration changes

Network Indicators:

  • IPv6 SSH traffic to router on non-standard ports
  • Unusual outbound connections from router

SIEM Query:

source_ip=router_ip AND (protocol=ssh OR port=22) AND ip_version=6
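
An added example (not part of the original advisory or any TP-Link tooling): the SIEM query's predicates applied to flow records in Python, matching the router as either endpoint and adding the trusted-source allowlist from the Restrict SSH Access workaround. The record layout, addresses and function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample flows (not real traffic): time, src, dst, dst_port, app label.
SAMPLE_FLOWS = """\
2021-03-01T10:00:01Z 2001:db8:a::50 2001:db8:1::1 22 ssh
2021-03-01T10:00:07Z 2001:db8:ffff::9 2001:db8:1::1 22 ssh
2021-03-01T10:01:12Z 2001:db8:ffff::9 2001:db8:1::1 2222 ssh
2021-03-01T10:02:30Z 192.0.2.77 192.0.2.1 22 ssh
2021-03-01T10:03:44Z 2001:db8:ffff::9 2001:db8:1::1 443 https
2021-03-01T10:05:00Z 2001:db8:1::1 2001:db8:ffff::9 22 unknown
"""

def parse_flow(line):
    """Parse one whitespace-separated record; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, proto = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "proto": proto.lower(),
                "dst": ipaddress.ip_address(dst), "port": int(port)}
    except ValueError:
        return None

def ipv6_ssh_alerts(text, router_ips, trusted_nets):
    """Flag IPv6 SSH flows touching the router whose peer is not in a trusted network."""
    routers = {ipaddress.ip_address(a) for a in router_ips}
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    alerts = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["src"].version != 6:
            continue  # ip_version=6 only
        if flow["proto"] != "ssh" and flow["port"] != 22:
            continue  # protocol=ssh OR port=22
        if flow["dst"] in routers:
            peer, direction = flow["src"], "inbound"
        elif flow["src"] in routers:
            peer, direction = flow["dst"], "outbound"
        else:
            continue  # router is neither endpoint
        if any(peer.version == net.version and peer in net for net in trusted):
            continue  # peer is an allowed management source
        alerts.append((flow["ts"], direction, str(peer), flow["port"]))
    return alerts

if __name__ == "__main__":
    for alert in ipv6_ssh_alerts(SAMPLE_FLOWS, ["2001:db8:1::1"], ["2001:db8:a::/48"]):
        print(alert)
```

Matching on the application label as well as port 22 is what catches the port 2222 record; a sensor that only records port numbers would miss SSH on non-standard ports.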
