CVE-2022-48194
Severity: HIGH; WAF: Medium
CVSS 8.8
Published: 2022-12-30
CWE-434
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tp-link | tl-wr902ac_firmware | up to 3.0.9.1 |
References
- packetstormsecurity.com
- github.com (Exploit, Third Party Advisory)