Lucene search

[email protected]NVD:CVE-2022-46432

HistoryDec 20, 2022 - 8:15 p.m.

CVE-2022-46432

2022-12-2020:15:10

[email protected]

web.nvd.nist.gov

tp-link tl-wr743nd

firmware vulnerability

arbitrary code execution

dos

mitm attack

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

50.0%

JSON

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier.

Affected configurations

NVD

Node

tp-linktl-wr743nd_v1_firmwareRange≤3.12.20

AND

tp-linktl-wr743nd_v1Match-

References

hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1Vgv1uwo

www.tp-link.com/us/press/security-advisory/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

50.0%

JSON

Related for NVD:CVE-2022-46432

cve1 cvelist1 prion1