CVE-2022-40486
HIGHTP-Link Archer AX10 V1 Firmware 1.3.1 - Authenticated RCE via Crafted Backup File
Title source: llmDescription
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/gscamelo/TP-Link-Archer-AX10-V1/blob/main/README.md
Product x_refsource_misc
https://www.tp-link.com/br/home-networking/wifi-router/archer-ax10/
Product x_refsource_misc
https://www.tp-link.com/br/support/download/archer-ax10/v1/
Scores
CVSS v3
8.8
EPSS
0.0083
EPSS Percentile
74.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
tp-link/archer_ax10_v1_firmware
1.3.1 20220401
Published
Sep 28, 2022
Tracked Since
Feb 18, 2026