CVE-2022-46432 - OpenCVE

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tp-link	Tl-wr743nd V1 Tl-wr743nd V1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:tp-link:tl-wr743nd_v1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr743nd_v1:-:*:*:*:*:*:*:*

References

Link	Resource
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1Vgv1uwo
https://www.tp-link.com/us/press/security-advisory/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-20T00:00:00

Updated: 2022-12-20T00:00:00

Reserved: 2022-12-05T00:00:00

Link: CVE-2022-46432

JSON object: View

NVD Information

Status : Modified

Published: 2022-12-20T20:15:10.793

Modified: 2023-11-07T03:55:38.170

Link: CVE-2022-46432

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:tp-link:tl-wr743nd_v1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "201E4DFD-1CB7-48F1-8560-D51AEDEDF855", "versionEndIncluding": "3.12.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:tp-link:tl-wr743nd_v1:-:*:*:*:*:*:*:*", "matchCriteriaId": "727D6405-3759-45F1-AED2-C8DA19E64F67", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de modificaci\u00f3n de firmware explotable en TP-Link TL-WR743ND V1. Un atacante puede realizar un ataque MITM (Man-in-the-Middle) para modificar la imagen de firmware cargada por el usuario y eludir la verificaci\u00f3n CRC, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una Denegaci\u00f3n de Servicio (DoS). Esto afecta a la versi\u00f3n 3.12.20 y anteriores."}], "id": "CVE-2022-46432", "lastModified": "2023-11-07T03:55:38.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-20T20:15:10.793", "references": [{"source": "cve@mitre.org", "url": "https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1Vgv1uwo"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.tp-link.com/us/press/security-advisory/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}