Vulnerability Description
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wdr7660 Firmware | 2.0.30 |
| Tp-Link | Tl-Wdr7660 | - |
| Tp-Link | Tl-Wdr7661 Firmware | - |
| Tp-Link | Tl-Wdr7661 | - |
| Tp-Link | Tl-Wdr7620 Firmware | - |
| Tp-Link | Tl-Wdr7620 | - |
| Tp-Link | Tl-Wdr5660 Firmware | - |
| Tp-Link | Tl-Wdr5660 | - |
| Mercusys | Mercury D196G Firmware | 20200109_2.0.4 |
| Mercusys | Mercury D196G | - |
| Fastcom | Fac1900R Firmware | 20190827_2.0.2 |
| Fastcom | Fac1900R | - |
Related Weaknesses (CWE)
References
- http://tp-link.comVendor Advisory
- https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=shariExploitThird Party Advisory
- https://github.com/GANGE666Third Party Advisory
- http://tp-link.comVendor Advisory
- https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=shariExploitThird Party Advisory
- https://github.com/GANGE666Third Party Advisory
FAQ
What is CVE-2022-26987?
CVE-2022-26987 is a vulnerability with a CVSS score of 7.8 (HIGH). TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.
How severe is CVE-2022-26987?
CVE-2022-26987 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-26987?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wdr7660 Firmware, Tp-Link Tl-Wdr7660, Tp-Link Tl-Wdr7661 Firmware, Tp-Link Tl-Wdr7661, Tp-Link Tl-Wdr7620 Firmware.