CVE-2022-30075

EPSS 36.9%

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

Affected products

n/a · n/a

public PoCs found — 6

githubgithub.com/aaronsvk/CVE-2022-30075★ 236 githubgithub.com/SAJIDAMINE/CVE-2022-30075★ 3 githubgithub.com/M4fiaB0y/CVE-2022-30075★ 1 githubgithub.com/RhestCorp/TP-L-NK-SIZMA-EXPLO-T★ 1 cve_referencepacketstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.htmlunverified cve_referencewww.exploit-db.com/exploits/50962unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.html https://github.com/aaronsvk https://github.com/aaronsvk/CVE-2022-30075 https://www.exploit-db.com/exploits/50962 http://tp-link.com