Vulnerability Details CVE-2022-48194
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.697
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 8.8
References
- http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html
- https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits
- http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html
- https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits
Products affected by CVE-2022-48194
-
cpe:2.3:h:tp-link:tl-wr902ac:3.0
-
cpe:2.3:o:tp-link:tl-wr902ac_firmware:-
-
cpe:2.3:o:tp-link:tl-wr902ac_firmware:3.0.9.1