CVE-2022-37860

high-risk
Published 2022-09-12

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.

Do I need to act?

!
41.7% chance of exploitation in next 30 days
EPSS score — higher than 58% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

M7350 Firmware

Affected Vendors

Tp-Link

References (4)

Patch https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware
Exploit https://www.yuque.com/docs/share/fca60ef9-e5a4-462a-a984-61def4c9b132
Patch https://www.tp-link.com/uk/support/download/m7350/v3/#Firmware
Exploit https://www.yuque.com/docs/share/fca60ef9-e5a4-462a-a984-61def4c9b132
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal