#VU69570 Incorrect Implementation of Authentication Algorithm


Published: 2022-11-24

Vulnerability identifier: #VU69570

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-43635

CWE-ID: CWE-303

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
TL-WR940N
Hardware solutions / Routers for home users

Vendor:

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the incorrect implementation of the authentication algorithm within the httpd service. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions


External links
http://www.zerodayinitiative.com/advisories/ZDI-22-1615/


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability