PT-2021-7268 · Tp Link · Tp-Link Tl-Wr840N

K4M1Ll0

Published

2021-09-20

Updated

2022-06-07

CVE-2022-29402

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR840N EU version 6.20

Description The issue is related to insecure protections for the UART console in the TP-Link TL-WR840N EU router. This allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.

Recommendations For TP-Link TL-WR840N EU version 6.20, consider disabling the UART console as a temporary workaround until a patch is available. Restrict physical access to the UART port to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2022-04739

CVE-2022-29402

Affected Products

Tp-Link Tl-Wr840N

PT-2021-7268 · Tp Link · Tp-Link Tl-Wr840N

CVE-2022-29402

Weakness Enumeration

Related Identifiers

Affected Products

References · 6