CVE-2022-30075

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX50 (AX3000) versions 210730 and older

Description The issue is related to insufficient input validation in the implementation of the backup and restore functionality of the TP-Link Archer AX50 (AX3000) router's web interface. This can allow a remote attacker to execute arbitrary code by importing a malicious backup file via the web interface. The estimated number of potentially affected devices is not specified, but it is mentioned that TP-Link routers with backup and restore functionality and firmware older than June 2022 are affected.

Recommendations For TP-Link Archer AX50 (AX3000) versions 210730 and older, update the firmware to a version newer than 210730 to resolve the issue. As a temporary workaround, consider restricting access to the backup and restore functionality via the web interface until a patch is available. Avoid importing backup files from untrusted sources to minimize the risk of exploitation.