Multiple vulnerabilities in TP-Link TL-WR940N

1) Use of insufficiently random values

EUVDB-ID: #VU69569

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-43636

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the lack of sufficient randomness in the sequnce numbers used for session managment within the httpd service. A remote attacker on the local network can bypass authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

TL-WR940N: before 6_3.20.1 Build 220801

CPE2.3

• cpe:2.3:h:tp-link:tl-wr940n:*:*:*:*:*:*:*:*

External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1614/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU69570

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-43635

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the incorrect implementation of the authentication algorithm within the httpd service. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

TL-WR940N: before 6_3.20.1 Build 220801

CPE2.3

• cpe:2.3:h:tp-link:tl-wr940n:*:*:*:*:*:*:*:*

External links

http://www.zerodayinitiative.com/advisories/ZDI-22-1615/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?