A security developer has disclosed a zero-day vulnerability in TP-Links SR20 smart home router that allows code execution with the highest privileges on the device. Details about the bug and proof-of-concept exploit code are currently available, so hackers could change it to run commands of their choosing with the rights of an administrator. The method works as long as the attacker-controlled machine communicates with the target SR20 router over a local connection. The vulnerability was discovered by Google security developer Matthew Garrett.”]