CVE-2022-42433

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N versions TL-WR841N(US) V14 220121

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root.

Recommendations For TP-Link TL-WR841N version TL-WR841N(US) V14 220121, as a temporary workaround, consider disabling the ated tp service until a patch is available. Restrict access to the ated tp service to minimize the risk of exploitation. Avoid using user-supplied strings in the affected system call until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.