CVE-2022-25064 The TP-LINK TL-WR840N(ES) V6.20 had a RCE vulnerability.

This issue is rated as critical due to the fact that a remote attacker can exploit this vulnerability and take control of an affected device. TL-WR840N(ES)_V6.20_180709 also contains a privilege escalation vulnerability. TL-WR840N(ES)_V6.20_180709 contains an information disclosure vulnerability via the function oal_wan6_sendMessage. TL-WR840N(ES)_V6.20_180709 contains an information disclosure vulnerability via the function oal_wan6_getStats. TL-WR840N(ES)_V6.20_180709 contains an information disclosure vulnerability via the function oal_wan6_sendMessage. TL-WR840N(ES)_V6.20_180709 contains an information disclosure vulnerability via the function oal_wan6_getStats. TL-WR840N(ES)_V6.20_180709 contains an information disclosure vulnerability via the function oal_wan6_sendMsg. TL-WR840N(ES)_V6.20_180709 contains an information disclosure vulnerability via the function oal_wan6_getStats. TL-WR840N(ES)_V6.20_180709 contains an information disclosure vulnerability via the function oal_wan6_sendMsg. TL-WR840N(ES)_V6.20_180709 contains an information disclosure

Vulnerable Versions

Only devices with firmware version 6.20 and lower are vulnerable to the critical vulnerabilities addressed in this advisory.

Timeline

Published on: 02/25/2022 20:15:00 UTC
Last modified on: 03/08/2022 20:51:00 UTC

References

• http://tp-link.com
• http://router.com
• https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25064