PT-2022-2081 · Tp Link · Tp-Link Tl-Wr840N

Published: 2022-02-14 · Updated: 2023-08-08 · CVE-2022-25060

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TP-LINK TL-WR840N(ES) version V6.20 180709

Description

The issue is related to a command injection vulnerability. It is associated with the util_execSystem() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router's firmware. The vulnerability allows an attacker to execute arbitrary commands due to the lack of neutralization of special elements used in the operating system command.

Recommendations

For TP-LINK TL-WR840N(ES) version V6.20 180709, consider disabling the oal_startPing component or restricting its use until a patch is available. Additionally, as a temporary workaround, avoid using the util_execSystem() function in the libcmm.so module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-01908
CVE-2022-25060

Affected Products

Tp-Link Tl-Wr840N