CVE-2022-40486

Published: Sep 28, 2022Modified: May 21, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.

Affected (1)

Products: Tp Link: Archer Ax10 V1 Firmware

Tp Link

1 product

Archer Ax10 V1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tp Link Archer Ax10 V1 Firmware	Version 1.3.1 20220401

Running on/with	Platform Versions
Tp Link Archer Ax10 V1	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://github.com/gscamelo/TP-Link-Archer-AX10-V1/blob/main/README.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.tp-link.com/br/home-networking/wifi-router/archer-ax10/

Source: cve@mitre.org

Product

https://www.tp-link.com/br/support/download/archer-ax10/v1/

Source: cve@mitre.org

Product

https://github.com/gscamelo/TP-Link-Archer-AX10-V1/blob/main/README.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.tp-link.com/br/home-networking/wifi-router/archer-ax10/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.tp-link.com/br/support/download/archer-ax10/v1/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.