Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-25061

EPSS 86.03% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-25061

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TP-LINK TL-WR840N 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TP-LINK TL-WR840N是中国普联(TP-LINK)公司的一款无线路由器。 TP-LINK TL-WR840N(ES) V6.20 180709版本 存在操作系统命令注入漏洞,该漏洞源于组件oal_setIp6DefaultRoute缺少对于命令参数的过滤和转义。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-25061

#POC DescriptionSource LinkShenlong Link
1This script exploits a remote command execution vulnerability under the oal_setIp6DefaultRoute component in the TPLink WR840N router.https://github.com/exploitwritter/CVE-2022-25061POC Details
2The TP-Link TL-WR840N(ES)_V6.20_180709 router contains a command injection vulnerability in the oal_setIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-25061.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-25061

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-02-25 · 47 CVEs total

CVE-2021-234955.4 MEDIUMOpen Redirect
CVE-2022-25062Tp-link TL-WR840N 输入验证错误漏洞
CVE-2022-24346JetBrains IntelliJ IDEA 代码注入漏洞
CVE-2022-25262JetBrains Hub 数据伪造问题漏洞
CVE-2022-25259JetBrains Hub 跨站脚本漏洞
CVE-2022-24442JetBrains YouTrack 代码注入漏洞
CVE-2022-25094Home Owners Collection Management System 安全漏洞
CVE-2022-25095Home Owners Collection Management System 安全漏洞
CVE-2022-25096Home Owners Collection Management System SQL注入漏洞
CVE-2022-25260JetBrains Hub 代码问题漏洞
CVE-2022-25064Tp-link TL-WR840N 操作系统命令注入漏洞
CVE-2022-25264JetBrains TeamCity 安全漏洞
CVE-2022-25060Tp-link TL-WR840N 操作系统命令注入漏洞
CVE-2021-44132UIC-DATA ONU4FERW 命令注入漏洞
CVE-2021-42244Notimoo 跨站脚本漏洞
CVE-2021-37504Hayageek Jquery Upload File跨站脚本漏洞
CVE-2021-40046Huawei PCManager 权限许可和访问控制问题漏洞
CVE-2021-40043Huawei AIS-BW80H-00 命令注入漏洞
CVE-2021-45977JetBrains IntelliJ IDEA 安全漏洞
CVE-2022-24347JetBrains YouTrack 跨站脚本漏洞

Showing top 20 of 47 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-25061

No comments yet

Leave a comment