CVE-2022-25061

Name of the Vulnerable Software and Affected Versions TP-LINK TL-WR840N(ES) version V6.20 180709

Description The issue is related to a command injection vulnerability via the component oal setIp6DefaultRoute(). This vulnerability is associated with the lack of neutralization of special elements when processing the ifName argument, which can allow an attacker to execute arbitrary commands.

Recommendations For TP-LINK TL-WR840N(ES) version V6.20 180709, as a temporary workaround, consider disabling the oal setIp6DefaultRoute() function until a patch is available. Restrict access to the libcmm.so module to minimize the risk of exploitation. Avoid using the ifName argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.