CVE-2022-26987
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
10/05/2022
Last modified:
16/05/2022
Description
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:tp-link:tl-wdr7660_firmware:2.0.30:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wdr7660:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tl-wdr7661_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wdr7661:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tl-wdr7620_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wdr7620:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:tp-link:tl-wdr5660_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:tp-link:tl-wdr5660:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mercusys:mercury_d196g_firmware:20200109_2.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:mercusys:mercury_d196g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fastcom:fac1900r_firmware:20190827_2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:fastcom:fac1900r:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page