CVE-2022-46432

Sažetak

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier.

Reference

https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1Vgv1uwo
https://www.tp-link.com/us/press/security-advisory/
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1Vgv1uwo
https://www.tp-link.com/us/press/security-advisory/

CVSS

Base:	7.5
Impact:	5.9
Exploitability:	1.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

16-04-2025 - 18:15

Objavljeno

20-12-2022 - 20:15