exploitDog

CVE-2022-48194

Опубликовано: 30 дек. 2022

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

Ссылки

http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html
https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html
https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-wr902ac_firmware:*:*:*:*:*:*:*:*

Версия до 3.0.9.1 (включая)

cpe:2.3:h:tp-link:tl-wr902ac:3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.69672

Средний

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-pr8p-6jwr-v79h

CVSS3: 8.8

github

около 3 лет назад

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

EPSS

Процентиль: 99%

0.69672

Средний

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434