Login
Start Free Trial
Research Center
CVE-2022-26987 Research Center

CVE-2022-26987

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.

  • 7.8 high severity

  • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  • 10/05/2022

Operating Systems 6

Tl

Tl-Wdr7660 Firmware

by Tp-Link

1 Version

3 months ago

Tl

Tl-Wdr7661 Firmware

by Tp-Link

1 Version

3 months ago

Tl

Tl-Wdr7620 Firmware

by Tp-Link

1 Version

3 months ago

Tl

Tl-Wdr5660 Firmware

by Tp-Link

1 Version

3 months ago

Me

Mercury D196G Firmware

by Mercusys

1 Version

3 months ago

Fa

Fac1900r Firmware

by Fastcom

1 Version

3 months ago

Vulnerability Categories 1

Out-of-bounds Write

xTags 6

#exposed_to_RCE_attack
#known_vulnerability
#confidentiality_impact_if_exploited
#integrity_impact_if_exploited
#availability_impact_if_exploited
#new_vulnerability_published

Advisory Links 3

http://tp-link.com
https://github.com/GANGE666
https://drive.google.com/file/d/1SnNoqRlJiBD673UROLwdgg_roMOneVR9/view?usp=sharing
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

By John Kilhefner
Aug 18, 2022

Blockchain Security - The New Threat. Part 2.

The conclusion to a two-part series on Blockchain technology and the threats that security practitioners should have top-of-mind. One of blockchain technology’s claims to fame is that it enables trustless interactions between parties... a claim that I'll explain is only "mostly" accurate. Let's explore the threats of blockchain.
By John Kilhefner
Aug 16, 2022

How the Common Vulnerability Scoring System Is Used (And Should You Rely on It?)

The Common Vulnerability Scoring System has been at the center of praise and controversy in the cybersecurity world. Let's separate fact from fiction and discover the merits——and pitfalls——of this system.
By Jenny R
Aug 14, 2022

Session Management Attacks - Part two

This article is the second part of the Session Management topic. The focus is on prevention practices, with one particular example of inactivity timer implementation!
By Wilson Corbett
Aug 12, 2022

Vulnerability Scanners 101: The Basics of Vulnerability Scanning

Storing data on an organization’s network is not an easy feat. Companies want their network as secure as possible, identifying loopholes and weak points to uncover and address vulnerabilities that cyber attackers can exploit. This need for protection is where Vulnerability Scanners enter the picture.
By Kent Weigle
Aug 12, 2022

CISAnalysis 12 August 2022

Zimbra Collaboration is back on CISA's shi... I mean Known Exploited Vulnerabilities Catalog. Today's theme is remote code execution without authentication.
last_chanse_04.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Get a Demo
Start Free Trial!