ID

VAR-202209-0693


CVE

CVE-2022-37860


TITLE

TP-Link M7350 Command injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202209-727

DESCRIPTION

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.

Trust: 1.0

sources: NVD: CVE-2022-37860

AFFECTED PRODUCTS

vendor:tp linkmodel:m7350scope:eqversion:190531

Trust: 1.0

sources: NVD: CVE-2022-37860

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-37860
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202209-727
value: CRITICAL

Trust: 0.6

NVD: CVE-2022-37860
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202209-727 // NVD: CVE-2022-37860

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2022-37860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-727

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202209-727

CONFIGURATIONS

sources: NVD: CVE-2022-37860

PATCH

title:TP-Link M7350 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=207864

Trust: 0.6

sources: CNNVD: CNNVD-202209-727

EXTERNAL IDS

db:NVDid:CVE-2022-37860

Trust: 1.6

db:CNNVDid:CNNVD-202209-727

Trust: 0.6

sources: CNNVD: CNNVD-202209-727 // NVD: CVE-2022-37860

REFERENCES

url:https://www.yuque.com/docs/share/fca60ef9-e5a4-462a-a984-61def4c9b132

Trust: 1.6

url:https://www.tp-link.com/uk/support/download/m7350/v3/#firmware

Trust: 1.6

url:https://cxsecurity.com/cveshow/cve-2022-37860/

Trust: 0.6

sources: CNNVD: CNNVD-202209-727 // NVD: CVE-2022-37860

SOURCES

db:CNNVDid:CNNVD-202209-727
db:NVDid:CVE-2022-37860

LAST UPDATE DATE

2022-09-16T22:28:09.447000+00:00


SOURCES UPDATE DATE

db:CNNVDid:CNNVD-202209-727date:2022-09-16T00:00:00
db:NVDid:CVE-2022-37860date:2022-09-15T18:32:00

SOURCES RELEASE DATE

db:CNNVDid:CNNVD-202209-727date:2022-09-12T00:00:00
db:NVDid:CVE-2022-37860date:2022-09-12T18:15:00