CVE-2022-30024

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.

Un desbordamiento de búfer en el demonio httpd en los dispositivos TP-Link TL-WR841N V12 (versión de firmware 3.16.9) permite a un atacante remoto autenticado ejecutar código arbitrario por medio de una petición GET a la página de Herramientas del sistema de la red Wi-Fi. Esto afecta a los dispositivos TL-WR841 V12 TL-WR841N(EU)_V12_160624 y TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 y TL-WR841 V10 TL-WR841N_V10_150310 también están afectados

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-02 CVE Reserved
2022-07-14 CVE Published
2024-08-03 CVE Updated
2024-09-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (3)

URL	Tag	Source
http://tl-wr841.com	Broken Link
https://pastebin.com/0XRFr3zE	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tp-link.com	2024-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Tp-link Search vendor "Tp-link"	Tl-wr841 Firmware Search vendor "Tp-link" for product "Tl-wr841 Firmware"	-	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841 Search vendor "Tp-link" for product "Tl-wr841"	10 Search vendor "Tp-link" for product "Tl-wr841" and version "10"	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr841 Firmware Search vendor "Tp-link" for product "Tl-wr841 Firmware"	-	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841 Search vendor "Tp-link" for product "Tl-wr841"	11 Search vendor "Tp-link" for product "Tl-wr841" and version "11"	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr841 Firmware Search vendor "Tp-link" for product "Tl-wr841 Firmware"	-	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841 Search vendor "Tp-link" for product "Tl-wr841"	12 Search vendor "Tp-link" for product "Tl-wr841" and version "12"	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr841n Firmware Search vendor "Tp-link" for product "Tl-wr841n Firmware"	3.16.9 Search vendor "Tp-link" for product "Tl-wr841n Firmware" and version "3.16.9"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841n Search vendor "Tp-link" for product "Tl-wr841n"	12 Search vendor "Tp-link" for product "Tl-wr841n" and version "12"	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr841n\(eu\) Firmware Search vendor "Tp-link" for product "Tl-wr841n\(eu\) Firmware"	160325 Search vendor "Tp-link" for product "Tl-wr841n\(eu\) Firmware" and version "160325"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841n\(eu\) Search vendor "Tp-link" for product "Tl-wr841n\(eu\)"	11 Search vendor "Tp-link" for product "Tl-wr841n\(eu\)" and version "11"	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr841n Firmware Search vendor "Tp-link" for product "Tl-wr841n Firmware"	150616 Search vendor "Tp-link" for product "Tl-wr841n Firmware" and version "150616"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841n Search vendor "Tp-link" for product "Tl-wr841n"	11 Search vendor "Tp-link" for product "Tl-wr841n" and version "11"	-	Safe
Tp-link Search vendor "Tp-link"	Tl-wr841n Firmware Search vendor "Tp-link" for product "Tl-wr841n Firmware"	150310 Search vendor "Tp-link" for product "Tl-wr841n Firmware" and version "150310"	-	Affected	in	Tp-link Search vendor "Tp-link"	Tl-wr841n Search vendor "Tp-link" for product "Tl-wr841n"	10 Search vendor "Tp-link" for product "Tl-wr841n" and version "10"	-	Safe