CVE-2022-25064

CRITICAL EXPLOITED

Tp-link Tl-wr840n Firmware - OS Command Injection

Title source: rule

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

nomisec WORKING POC 21 stars

by Mr-xn · poc

nomisec WORKING POC

by exploitwritter · poc

CVSS v3 9.8

EPSS 0.6310

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

VulnCheck KEV 2024-07-25

CWE

CWE-78

Status published

Products (1)

tp-link/tl-wr840n_firmware 6.20_180709

Published Feb 25, 2022

Tracked Since Feb 18, 2026