Pre-authentication Command Injection Vulnerability in TP-Link M7350 V3
CVE-2022-37860

9.8CRITICAL

Key Information:

Vendor: Tp-link
Status: M7350 Firmware
Vendor: CVE Published:; 12 September 2022

Summary

The web configuration interface of the TP-Link M7350 V3 is susceptible to a command injection vulnerability, allowing attackers to execute arbitrary commands without prior authentication. This flaw is particularly concerning as it could be exploited to manipulate device settings or access sensitive information, posing a significant risk to network integrity and user data.

References

https://www.tp-link.com/uk/support/download/m7350/v3/#Fir...

x_refsource_MISC

https://www.yuque.com/docs/share/fca60ef9-e5a4-462a-a984-...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2022
Vulnerability Reserved
Aug 8, 2022