Vulnerability Details : CVE-2022-26987
Potential exploit
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2022-26987
- cpe:2.3:o:tp-link:tl-wdr7660_firmware:2.0.30:*:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tl-wdr7661_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tl-wdr7620_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:tp-link:tl-wdr5660_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:mercusys:mercury_d196g_firmware:20200109_2.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:fastcom:fac1900r_firmware:20190827_2.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-26987
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-26987
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-26987
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-26987
-
https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=sharing
https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=sharingExploit;Third Party Advisory
-
http://tp-link.com
TP-Link Nederland – Wi-Fi Netwerkapparatuur voor Thuis & BedrijfsomgevingenVendor Advisory
-
https://github.com/GANGE666
GANGE666 (G6) · GitHubThird Party Advisory
Jump to