CVE-2022-25060

CRITICAL EXPLOITED IN THE WILD

Tp-link Tl-wr840n Firmware - OS Command Injection

Title source: rule

Description

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

Exploits (1)

nomisec WORKING POC
by exploitwritter · remote-auth
https://github.com/exploitwritter/CVE-2022-25060

References (3)

Scores

CVSS v3 9.8
EPSS 0.7466
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-08-19
InTheWild.io 2022-08-19
CWE
CWE-78
Status published
Products (1)
tp-link/tl-wr840n_firmware 6.20_180709
Published Feb 25, 2022
Tracked Since Feb 18, 2026