Severity
High
Analysis Summary
CVE-2022-24973
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
CVE-2022-24972
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
CVE-2022-0650
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
Impact
- Code Execution
- Information Disclosure
- Remote Code Execution
Indicators of Compromise
CVE
- CVE-2022-24973
- CVE-2022-24972
- CVE-2022-0650
Affected Vendors
TP-Link
Affected Products
- TP-Link TL-WR940N
Remediation
Refer to TP-Link TL-WR940N for patch, upgrade, or suggested workaround information.