NVD disclosure day

Published threat advisories for February 25, 2022

CVE advisoryCRITICAL

CVE-2022-25064

TP-LINK TL-WR840N Remote Code Execution Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical remote code execution vulnerability exists in a TP-Link router function related to IPv6 address settings. This flaw could allow an unauthenticated attacker to execute arbitrary commands on a reachable device without user interaction. Confirmation is needed to determine if this specific router model is deploy

CVE advisoryCRITICAL

CVE-2022-25061

TP-LINK TL-WR840N Command Injection via oal_setIp6DefaultRoute

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical command injection vulnerability exists in TP-LINK TL-WR840N devices, allowing unauthorized command execution through the oal_setIp6DefaultRoute component. This could lead to device compromise and affect network functions. The relevance and network exposure of affected devices need to be confirmed to understa

CVE advisoryCRITICAL

CVE-2022-25060

TP-LINK TL-WR840N Command Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A command injection vulnerability exists in TP-LINK TL-WR840N routers, allowing unauthenticated attackers to execute arbitrary commands via the `oal_startPing` component. This could lead to unauthorized control and potential disruption of network services. It is important to determine if this technology is in use and a