CVE-2022-26987

Опубликовано: 10 мая 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in MmtAtePrase function. Local users could get remote code execution.

Ссылки

http://tp-link.com
Vendor Advisory
https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=sharing
Exploit
Third Party Advisory
https://github.com/GANGE666
Third Party Advisory
http://tp-link.com
Vendor Advisory
https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=sharing
Exploit
Third Party Advisory
https://github.com/GANGE666
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-wdr7660_firmware:2.0.30:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr7660:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:tp-link:tl-wdr7661_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr7661:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:tp-link:tl-wdr7620_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr7620:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:tp-link:tl-wdr5660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wdr5660:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:mercusys:mercury_d196g_firmware:20200109_2.0.4:*:*:*:*:*:*:*

cpe:2.3:h:mercusys:mercury_d196g:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:fastcom:fac1900r_firmware:20190827_2.0.2:*:*:*:*:*:*:*

cpe:2.3:h:fastcom:fac1900r:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00536

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-r842-2fxw-4w6q

CVSS3: 7.8

github

больше 3 лет назад

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.

EPSS

Процентиль: 67%

0.00536

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787