Getting root on on TP-Link Smart Switches using CVE-2026-1668
5 points by tuxes
5 points by tuxes
I like how clean and informative the PoC ends up being.
This is a useful exploit to have, because it's a path to getting OpenWRT on the device. This managed PoE switch has switchdev support in the Linux kernel, and has variants already in OpenWRT, but installation is fiddly: https://git.openwrt.org/openwrt/openwrt/commit/?id=6d5873a162e9e03c93012a26b0004d46e6764a8e . This exploit PoC could offer a trivial path to installing OpenWRT on this.