Vulnerability Description
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr902Ac Firmware | <= 3.0.9.1 |
| Tp-Link | Tl-Wr902Ac | 3.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execu
- https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploitsExploitThird Party Advisory
- http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execu
- https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploitsExploitThird Party Advisory
FAQ
What is CVE-2022-48194?
CVE-2022-48194 is a vulnerability with a CVSS score of 8.8 (HIGH). TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signatu...
How severe is CVE-2022-48194?
CVE-2022-48194 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-48194?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr902Ac Firmware, Tp-Link Tl-Wr902Ac.