CVE-2022-40486

Опубликовано: 28 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.

Ссылки

https://github.com/gscamelo/TP-Link-Archer-AX10-V1/blob/main/README.md
Exploit
Third Party Advisory
https://www.tp-link.com/br/home-networking/wifi-router/archer-ax10/
Product
https://www.tp-link.com/br/support/download/archer-ax10/v1/
Product
https://github.com/gscamelo/TP-Link-Archer-AX10-V1/blob/main/README.md
Exploit
Third Party Advisory
https://www.tp-link.com/br/home-networking/wifi-router/archer-ax10/
Product
https://www.tp-link.com/br/support/download/archer-ax10/v1/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:archer_ax10_v1_firmware:1.3.1:20220401:*:*:*:*:*:*

cpe:2.3:h:tp-link:archer_ax10_v1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01051

Низкий

8.8 High

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-6jfx-5cxr-8qxw