CVE-2022-26988
HIGHTP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, Fast FAC1900R 20190827_2.0.2 - Stack Overflow
Title source: llmDescription
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://tp-link.com
Third Party Advisory x_refsource_misc
https://github.com/GANGE666
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/file/d/1J1KzojrMCq-MrV0HqkWiu17MIXGhRuUH/view?usp=sharing
Scores
CVSS v3
7.8
EPSS
0.0054
EPSS Percentile
67.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (6)
fastcom/fac1900r_firmware
20190827_2.0.2
mercusys/mercury_d196g_firmware
20200109_2.0.4
tp-link/tl-wdr5660_firmware
tp-link/tl-wdr7620_firmware
tp-link/tl-wdr7660_firmware
2.0.30
tp-link/tl-wdr7661_firmware
Published
May 10, 2022
Tracked Since
Feb 18, 2026