The vulnerability of the httpd daemon in the microprogramming-based router software from TP-Link’s TL-WR940N allows a hacker to bypass authentication processes and gain unauthorized access to the equipment.

🗓️ 05 Dec 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

The httpd daemon in TP-Link TL-WR940N router uses weak randomness, enabling authentication bypass.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2022-43636	29 Mar 202322:21	–	circl
CNNVD	TP-LINK TL-WR940N 安全特征问题漏洞	29 Mar 202300:00	–	cnnvd
CNVD	TP-LINK TL-WR940N Security Feature Issue Vulnerability	31 Mar 202300:00	–	cnvd
CVE	CVE-2022-43636	29 Mar 202300:00	–	cve
Cvelist	CVE-2022-43636	29 Mar 202300:00	–	cvelist
EUVD	EUVD-2022-46632	3 Oct 202520:07	–	euvd
NVD	CVE-2022-43636	29 Mar 202319:15	–	nvd
OSV	CVE-2022-43636	29 Mar 202319:15	–	osv
Prion	Authentication flaw	29 Mar 202319:15	–	prion
Positive Technologies	PT-2022-5731 · Tp Link · Tp-Link Tl-Wr940N	21 Nov 202200:00	–	ptsecurity

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-22-1614/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2022112409
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-22-1614/

05 Dec 2022 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 26.8

CVSS 37.5

EPSS0.00118

httpd vulnerability tp link router weak randomness authentication bypass unsecured access