Main Vulnerability Database Vulnerabilities #VU60728

Use of insufficiently random values in TL-WA850RE V6 - CVE-2022-22922

Published: February 21, 2022

Vulnerability identifier: #VU60728

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2022-22922

CWE-ID: CWE-330

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TP-Link

Affected software:
TL-WA850RE V6

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the affected product uses highly predictable and easily detectable session keys, which leads to security restrictions bypass and privilege escalation.

How to mitigate CVE-2022-22922

Install updates from vendor's website.

Sources

https://github.com/emremulazimoglu/cve/blob/main/CWE330-TL-WA850RE-v6.md
https://www.tp-link.com/us/support/download/tl-wa850re/v6/#Firmware

Use of insufficiently random values in TL-WA850RE V6 - CVE-2022-22922

Detailed vulnerability description

How to mitigate CVE-2022-22922

Sources

Please verify you're human