CVE-2022-30024

EPSS 12.3%
Veröffentlicht 14.07.2022 14:15:13
Zuletzt bearbeitet 21.11.2024 07:02:05
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Tl-wr841 Firmware Version-

   Tp-link ≫ Tl-wr841 Version10
   Tp-link ≫ Tl-wr841 Version11
   Tp-link ≫ Tl-wr841 Version12

Tp-link ≫ Tl-wr841n Firmware Version3.16.9

Tp-link ≫ Tl-wr841n Version12

Tp-link ≫ Tl-wr841n(eu) Firmware Version160325

Tp-link ≫ Tl-wr841n(eu) Version11

Tp-link ≫ Tl-wr841n Firmware Version150616

Tp-link ≫ Tl-wr841n Version11

Tp-link ≫ Tl-wr841n Firmware Version150310

Tp-link ≫ Tl-wr841n Version10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.3%	0.936

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

http://tp-link.com

Vendor Advisory

http://tl-wr841.com

Broken Link

URL Repurposed

https://pastebin.com/0XRFr3zE

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-30024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-30024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-30024

EUVD