9.8

CVE-2022-37860

Exploit
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tp-linkM7350 Firmware Version190531
   Tp-linkM7350 Versionv3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 80.01% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware
Patch
Vendor Advisory
Release Notes
https://www.yuque.com/docs/share/fca60ef9-e5a4-462a-a984-61def4c9b132
Patch
Third Party Advisory
Exploit