CVE-2022-30075

EUVD-2022-35289
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
tp-linkarcher_ax50_firmware
𝑥
≤ 210730
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html
http://tp-link.com
https://github.com/aaronsvk
https://github.com/aaronsvk/CVE-2022-30075
https://www.exploit-db.com/exploits/50962
http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html
http://tp-link.com
https://github.com/aaronsvk
https://github.com/aaronsvk/CVE-2022-30075
https://www.exploit-db.com/exploits/50962