Description
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
Affected Software
Related
{"id": "CVE-2022-25064", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-25064", "description": "TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.", "published": "2022-02-25T20:15:00", "modified": "2022-03-08T20:51:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25064", "reporter": "cve@mitre.org", "references": ["http://tp-link.com", "http://router.com", "https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1"], "cvelist": ["CVE-2022-25064"], "immutableFields": [], "lastseen": "2022-03-23T10:25:38", "viewCount": 33, "enchantments": {"score": {"value": 4.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "githubexploit", "idList": ["F5F27914-AB0D-5FB7-9DAC-6ED740F55B46"]}]}, "dependencies": {"references": [{"type": "githubexploit", "idList": ["F5F27914-AB0D-5FB7-9DAC-6ED740F55B46"]}], "rev": 4}, "twitter": {"counter": 6, "tweets": [{"link": "https://twitter.com/ipssignatures/status/1538703688750997504", "text": "It's new to me that Hillstone has a protection/signature/rule for the vulnerability CVE-2022-25064.\nhttps://t.co/avrnEcklwq\n/search?src=sprv&q=CVE-2022-25064\nThe vuln was published 114 days ago by NIST.\n/hashtag/S2mvoaj2dm4tgs?src=hashtag_click", "author": "ipssignatures", "author_photo": "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png"}, {"link": "https://twitter.com/ipssignatures/status/1538703689627705346", "text": "I know one more IPS that has a protection/signature/rule for the vulnerability CVE-2022-25064.\nhttps://t.co/hPm3QMVowJ\n/hashtag/S2mvoaj2dm4tgs?src=hashtag_click", "author": "ipssignatures", "author_photo": "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png"}]}, "vulnersScore": 4.2}, "_state": {"dependencies": 0, "twitter": 1655699562}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:tp-link:tl-wr840n_firmware:6.20_180709"], "cpe23": ["cpe:2.3:o:tp-link:tl-wr840n_firmware:6.20_180709:*:*:*:*:*:*:*"], "cwe": ["CWE-77"], "affectedSoftware": [{"cpeName": "tp-link:tl-wr840n_firmware", "version": "6.20_180709", "operator": "eq", "name": "tp-link tl-wr840n firmware"}], "affectedConfiguration": [{"name": "tp-link tl-wr840n", "cpeName": "tp-link:tl-wr840n", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:tp-link:tl-wr840n_firmware:6.20_180709:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:tp-link:tl-wr840n:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "http://tp-link.com", "name": "http://tp-link.com", "refsource": "MISC", "tags": ["Product"]}, {"url": "http://router.com", "name": "http://router.com", "refsource": "MISC", "tags": ["Not Applicable", "URL Repurposed"]}, {"url": "https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1", "name": "https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}
{"githubexploit": [{"lastseen": "2022-05-11T06:01:55", "description": "# CVE-2022-25064 \n## TP-LINK TL-WR840N RCE via the function oal_...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-01T15:10:20", "type": "githubexploit", "title": "Exploit for Command Injection in Tp-Link Tl-Wr840N Firmware", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-25064"], "modified": "2022-05-10T16:11:46", "id": "F5F27914-AB0D-5FB7-9DAC-6ED740F55B46", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}]}