CVE-2022-30024: Buffer Overflow
First published: Thu Jul 14 2022(Updated: )
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Tl-wr841 Firmware | ||
| TP-Link TL-WR841 | =10 | |
| TP-Link TL-WR841 | =11 | |
| TP-Link TL-WR841 | =12 | |
| Tp-link Tl-wr841n Firmware | =3.16.9 | |
| TP-LINK TL-WR841N | =12 | |
| Tp-link Tl-wr841n\(eu\) Firmware | =160325 | |
| Tp-link Tl-wr841n\(eu\) | =11 | |
| Tp-link Tl-wr841n Firmware | =150616 | |
| TP-LINK TL-WR841N | =11 | |
| Tp-link Tl-wr841n Firmware | =150310 | |
| TP-LINK TL-WR841N | =10 | |
| All of | ||
| Tp-link Tl-wr841 Firmware | ||
| Any of | ||
| TP-Link TL-WR841 | =10 | |
| TP-Link TL-WR841 | =11 | |
| TP-Link TL-WR841 | =12 | |
| All of | ||
| Tp-link Tl-wr841n Firmware | =3.16.9 | |
| TP-LINK TL-WR841N | =12 | |
| All of | ||
| Tp-link Tl-wr841n\(eu\) Firmware | =160325 | |
| Tp-link Tl-wr841n\(eu\) | =11 | |
| All of | ||
| Tp-link Tl-wr841n Firmware | =150616 | |
| TP-LINK TL-WR841N | =11 | |
| All of | ||
| Tp-link Tl-wr841n Firmware | =150310 | |
| TP-LINK TL-WR841N | =10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-30024.
What devices are affected by this vulnerability?
The TP-Link TL-WR841N V12 devices with firmware version 3.16.9 are affected by this vulnerability.
How does this vulnerability occur?
This vulnerability occurs due to a buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 devices.
What is the severity of CVE-2022-30024?
The severity of CVE-2022-30024 is rated as high with a severity value of 8.8.
How can an attacker exploit this vulnerability?
An authenticated remote attacker can exploit this vulnerability by sending a specially crafted GET request to the System Tools page of the Wi-Fi network.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/tp-link
- canonical/tp-link tl-wr841 firmware
- canonical/tp-link tl-wr841
- version/tp-link tl-wr841/10
- version/tp-link tl-wr841/11
- version/tp-link tl-wr841/12
- canonical/tp-link tl-wr841n firmware
- version/tp-link tl-wr841n firmware/3.16.9
- canonical/tp-link tl-wr841n
- version/tp-link tl-wr841n/12
- canonical/tp-link tl-wr841n\(eu\) firmware
- version/tp-link tl-wr841n\(eu\) firmware/160325
- canonical/tp-link tl-wr841n\(eu\)
- version/tp-link tl-wr841n\(eu\)/11
- version/tp-link tl-wr841n firmware/150616
- version/tp-link tl-wr841n/11
- version/tp-link tl-wr841n firmware/150310
- version/tp-link tl-wr841n/10