What is CVE-2022-48194?

CVE-2022-48194 is a vulnerability in N/a. Published 2022-12-30.

Is CVE-2022-48194 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-48194

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

EPSS: 0.555 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

otsmr/internet-of-vulnerable-things
abyasham/vulnerability-prioritize-epss-ssvc
k0mi-tg/CVE-POC
manas3c/CVE-POC
ARPSyndicate/cve-scores
whoforget/CVE-POC
youwizard/CVE-POC
nomi-sec/PoC-in-GitHub

References

github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits
packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.h…

Frequently asked questions

What is CVE-2022-48194?: CVE-2022-48194 is a vulnerability in N/a. Published 2022-12-30.
Is CVE-2022-48194 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.