CVE-2022-42433

CVSS V2 None CVSS V3 None
Description
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.
Overview
  • CVE ID
  • CVE-2022-42433
  • Assigner
  • zdi-disclosures@trendmicro.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-29T19:15:17
  • Last Modified Date
  • 2023-04-05T16:45:06
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:tp-link:tl-wr841_firmware:*:*:*:*:*:*:*:* 1 OR 220914
cpe:2.3:h:tp-link:tl-wr841n:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://www.zerodayinitiative.com/advisories/ZDI-22-1466/ Third Party Advisory VDB Entry
History
Created Old Value New Value Data Type Notes
2023-04-17 03:51:15 Added to TrackCVE
2023-04-17 03:51:18 Weakness Enumeration new
2023-04-17 05:06:15 CVSS V3 information new