Google security developer Matthew Garrett disclosed a zero-day arbitrary code execution (ACE) vulnerability affecting the TP-Link SR20 routers.