CVE-2022-25061 Scanner
CVE-2022-25061 Scanner - Command Injection vulnerability in TP-Link TL-WR840N
Short Info
- Level: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 23 days 14 hours
- Scan only one: Domain, Subdomain, IPv4
- Toolbox: -
TP-Link TL-WR840N is a widely used wireless router commonly deployed in residential and small-office environments. It is manufactured by TP-Link, a well-known networking-equipment vendor. The TL-WR840N is designed to provide stable wireless Internet connectivity for multiple connected devices, and users often choose it for its affordability and reliability in managing home networks. Because the router provides Internet access for every device connected to it, its widespread use makes safeguarding it against security vulnerabilities important.
Command injection is a critical security vulnerability in which an attacker causes a vulnerable application to execute arbitrary commands on the host operating system. It is exploited by manipulating input data so that malicious commands are introduced and run, and it arises when user-controlled data is not properly sanitized before being passed to a command interpreter. In the case of the TP-Link TL-WR840N, exploiting the command injection flaw can lead to a full compromise of the device. The vulnerability is particularly dangerous because it can give the attacker control over the router's operating system and, through it, access to the network behind it.
Technically, the vulnerability lies in the `oal_setIp6DefaultRoute` component of the TP-Link TL-WR840N. An attacker can execute arbitrary system commands by sending specially crafted requests to the router: by manipulating parameters such as `userName` in the HTTP payload, unauthorized commands can be injected and executed. The payloads provided in the scan template demonstrate how this issue can be used to read system files and gather sensitive information. Successful exploitation requires network access to the router and valid credentials for authentication, so the flaw is only reachable post-authentication.
When exploited by a malicious actor, this vulnerability can lead to significant security issues. The attacker can gain unauthorized access and execute commands with the privileges of the router's administrator, compromising the integrity and confidentiality of the whole network. This could also result in unauthorized changes to network configuration, data theft, or use of the device as a pivot to attack other hosts. Overall, exploitation could disrupt the network services the router provides and degrade the security posture of every connected device.
REFERENCES
- https://github.com/exploitwritter/CVE-2022-25061/blob/main/CVE-2022-25061.py
- https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_setIp6DefaultRoute-EN-ddf9c1db199d49829269147ada6cb312
- https://nvd.nist.gov/vuln/detail/CVE-2022-25061
- http://router.com
- http://tp-link.com