Vulnerability CVE-2022-30075


Published: 2022-06-09

Description:
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

See advisories in our WLB2 database:
Topic
Author
Date
High
TP-Link Router AX50 firmware 210730 Remote Code Execution (RCE) (Authenticated)
Tomas Melicher
03.09.2022

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://tp-link.com
https://github.com/aaronsvk/CVE-2022-30075
https://github.com/aaronsvk
https://www.exploit-db.com/exploits/50962

Copyright 2024, cxsecurity.com

 

Back to Top