CVE-2022-48194

CVSS V2 None CVSS V3 None
Description
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
Overview
  • CVE ID
  • CVE-2022-48194
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2022-12-30T07:15:07
  • Last Modified Date
  • 2023-04-03T20:15:08
Weakness Enumerations
CWE URL
CWE-434 http://cwe.mitre.org/data/definitions/434.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:tp-link:tl-wr902ac_firmware:*:*:*:*:*:*:*:* 1 OR 3.0.9.1
cpe:2.3:h:tp-link:tl-wr902ac:3.0:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html
https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits Exploit Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-48194
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48194
History
Created Old Value New Value Data Type Notes
2022-12-30 08:14:44 Added to TrackCVE
2022-12-30 13:14:33 2022-12-30T13:06:49 CVE Modified Date updated
2022-12-30 13:14:33 Received Awaiting Analysis Vulnerability Status updated
2023-01-05 12:18:54 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-09 19:18:09 2023-01-09T18:32:15 CVE Modified Date updated
2023-01-09 19:18:09 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-09 19:18:10 Weakness Enumeration new
2023-01-09 19:18:11 CPE Information updated
2023-04-03 21:41:01 2023-04-03T20:15:08 CVE Modified Date updated
2023-04-03 21:41:01 Analyzed Modified Vulnerability Status updated
2023-04-03 21:41:02 References updated