CVE-2022-30024 > [Description]> TPLink TL-WR841N V12 (firmware version 3.1

1. CVE-2022-30024
2.  
3. > [Description]
4. > TPLink TL-WR841N V12 (firmware version 3.16.9) devices allow an authenticated allows remote code execution via
5. > GET request to the page for the System Tools of the Wi-Fi network.
6. >
7. >
8. >
9. > ------------------------------------------
10. >
11. > [VulnerabilityType Other]
12. > Buffer overflow
13. >
14. > ------------------------------------------
15. >
16. > [Vendor of Product]
17. > TPLink
18. >
19. > ------------------------------------------
20. >
21. > [Affected Product Code Base]
22. > TPLink TL-WR841N from V12 - version affected: 3.16.9, version fix: None
23. >
24. > ------------------------------------------
25. >
26. > [Affected Component]
27. > The Web service
28. >
29. > ------------------------------------------
30. >
31. > [Attack Type]
32. > Remote
33. >
34. > ------------------------------------------
35. >
36. > [Impact Code execution]
37. > true
38. >
39. > ------------------------------------------
40. >
41. > [Attack Vectors]
42. > Send payload to Web service
43. >
44. > ------------------------------------------
45. >
46. > [Reference]
47. > https://www.tp-link.com/us/home-networking/wifi-router/tl-wr841n/
48. >
49. > ------------------------------------------
50. >
51. > [Has vendor confirmed or acknowledged the vulnerability?]
52. > true
53. >
54. > ------------------------------------------
55. >
56. > [Discoverer]
57. > Cuongtm
58.  
59. CVE-2022-30024