In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.
TP-Link-Archer-AX10-V1
A proof of concept for TP-LINK router Archer AX10 v1 - CVE-2022-40486
Intro
The device I conducted this research on was the Archer AX10 v1 home WiFi router from TP-Link (Firmware Version 131 Build 20220401 Rel 57450(5553))
My first approach was to get access via the UART Interface on the board
You can see about "How to Detect Serial Pinout (GND
CVE-2022-30075
Authenticated Remote Code Execution in Tp-Link Routers
Affected Devices
If your Tp-Link router has backup and restore functionality and firmware is older than june 2022, it is probably vulnerable
Tested With
Tp-Link Archer AX50, other tplink routers may use different format of backups and exploit needs to be modified
PoC
Using exploit for starting telnet daemon o
Awesome Stars
A curated list of my GitHub stars! Generated by starred
Contents
Adblock Filter List
Assembly
Awk
Batchfile
Brainfuck
C
C#
C++
CMake
CSS
Clojure
Common Lisp
Crystal
Cython
Dart
Dhall
Dockerfile
Earthly
Elixir
Emacs Lisp
Erlang
Fennel
GDScript
Go
HTML
Handlebars
Haskell
Inno Setup
Java
JavaScript
Jupyter Notebook
Kotlin
LLVM
Lua
M4
MDX
Makefile
NCL
Nim
Nix
Nun
Vulmon