Details of VAR-202211-1625

ID

VAR-202211-1625

CVE

CVE-2022-43635

TITLE

TP-LINK Technologies of TL-WR940N Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-022055

DESCRIPTION

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332. TP-LINK Technologies of TL-WR940N There are unspecified vulnerabilities in the firmware.Information may be obtained

Trust: 2.34

sources: NVD: CVE-2022-43635 // JVNDB: JVNDB-2022-022055 // ZDI: ZDI-22-1615 // VULMON: CVE-2022-43635

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr940n	scope:	-	version:	-	Trust: 1.5
vendor:	tp link	model:	tl-wr940n	scope:	eq	version:	6_211111_3.20.1	Trust: 1.0
vendor:	tp link	model:	tl-wr940n	scope:	eq	version:	tl-wr940n firmware 6 211111 3.20.1	Trust: 0.8
vendor:	tp link	model:	tl-wr940n	scope:	eq	version:	-	Trust: 0.8

sources: ZDI: ZDI-22-1615 // JVNDB: JVNDB-2022-022055 // NVD: CVE-2022-43635

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2022-43635
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2022-43635
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-43635
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2022-43635
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-202303-2521
value:	MEDIUM
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2022-43635
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2022-43635
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
ZDI:	CVE-2022-43635
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-1615 // JVNDB: JVNDB-2022-022055 // CNNVD: CNNVD-202303-2521 // NVD: CVE-2022-43635 // NVD: CVE-2022-43635

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-303	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-022055 // NVD: CVE-2022-43635

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202303-2521

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202303-2521

EXTERNAL IDS

db:	NVD	id:	CVE-2022-43635	Trust: 4.0
db:	ZDI	id:	ZDI-22-1615	Trust: 3.2
db:	JVNDB	id:	JVNDB-2022-022055	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-17332	Trust: 0.7
db:	CNNVD	id:	CNNVD-202303-2521	Trust: 0.6
db:	VULMON	id:	CVE-2022-43635	Trust: 0.1

sources: ZDI: ZDI-22-1615 // VULMON: CVE-2022-43635 // JVNDB: JVNDB-2022-022055 // CNNVD: CNNVD-202303-2521 // NVD: CVE-2022-43635

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-22-1615/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-43635	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-43635/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/303.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-43635 // JVNDB: JVNDB-2022-022055 // CNNVD: CNNVD-202303-2521 // NVD: CVE-2022-43635

CREDITS

ExLuck

Trust: 0.7

sources: ZDI: ZDI-22-1615

SOURCES

db:	ZDI	id:	ZDI-22-1615
db:	VULMON	id:	CVE-2022-43635
db:	JVNDB	id:	JVNDB-2022-022055
db:	CNNVD	id:	CNNVD-202303-2521
db:	NVD	id:	CVE-2022-43635

LAST UPDATE DATE

2024-08-14T14:43:38.408000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-1615	date:	2022-11-21T00:00:00
db:	VULMON	id:	CVE-2022-43635	date:	2023-03-30T00:00:00
db:	JVNDB	id:	JVNDB-2022-022055	date:	2023-11-15T03:15:00
db:	CNNVD	id:	CNNVD-202303-2521	date:	2023-04-10T00:00:00
db:	NVD	id:	CVE-2022-43635	date:	2023-04-07T14:19:26.300

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-1615	date:	2022-11-21T00:00:00
db:	VULMON	id:	CVE-2022-43635	date:	2023-03-29T00:00:00
db:	JVNDB	id:	JVNDB-2022-022055	date:	2023-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202303-2521	date:	2023-03-29T00:00:00
db:	NVD	id:	CVE-2022-43635	date:	2023-03-29T19:15:20.343