TP-Link TL-WR840N - Command Injection

Short Info

Level

Critical

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

25 days 13 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

-

The TP-Link TL-WR840N(ES)_V6.20_180709 router contains a command injection vulnerability in the oal_setIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise.

References:

https://github.com/exploitwritter/CVE-2022-25061/blob/main/CVE-2022-25061.py
https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_setIp6DefaultRoute-EN-ddf9c1db199d49829269147ada6cb312
https://nvd.nist.gov/vuln/detail/CVE-2022-25061
http://router.com
http://tp-link.com

Remediation:
Update firmware to the latest version if available. If no firmware update is available,consider implementing network segmentation to limit access to the router's management interface.

Get started to protecting your digital assets

Start trial See the plans

TP-Link TL-WR840N - Command Injection

Short Info

-

Detail

Category