Lucene search

[email protected]CVE-2022-29402

HistoryMay 25, 2022 - 6:15 p.m.

CVE-2022-29402

2022-05-2518:15:00

CWE-306

[email protected]

web.nvd.nist.gov

cve-2022-29402

tp-link

tl-wr840n

v6.20

uart console

insecurity

vulnerability

nvd

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.4%

JSON

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.

CPENameOperatorVersion
tp-link:tl-wr840n_firmwaretp-link tl-wr840n firmwareeq-

CPE	Name	Operator	Version
tp-link:tl-wr840n_firmware	tp-link tl-wr840n firmware	eq	-

References

k4m1ll0.com/cve-tplink-tlwr840N-uart-shell.html

Social References

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for CVE-2022-29402

prion1