TP-Link’s SR20 Smart Home Router is impacted by a zero-day arbitrary code execution (ACE) vulnerability which allows potential attackers on the same network to execute arbitrary commands. Google security developer Matthew Garrett disclosed the ACE 0-day on Twitter. The vulnerability stems from the fact that “TP-Link routers frequently run a process called “”tddp”” as root”” which has been previously found to contain multiple other vulnerabilities. The default firewall rules SR20 routers come with will block attackers from exploiting the vulnerability from outside the local area network.”
Source: https://www.bleepingcomputer.com/news/security/zero-day-tp-link-sr20-router-vulnerability-disclosed-by-google-dev/