CVE-2022-25062

Severity: High
Published: 25 February 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: no patch details referenced
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.2896 (96.7th percentile)
Risk Priority: 32 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-25062 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in TP-Link TL-WR840N firmware. Its CVSS base score is 7.5 (High).

Operationally, its EPSS score places it in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-25062 is an integer overflow vulnerability (CWE-190) in the dm_checkString function of TP-LINK TL-WR840N(ES) firmware version V6.20_180709. The flaw resides in the router's web management interface and carries a CVSS 3.1 score of 7.5: the vector is network-reachable with no privileges or user interaction required, and the impact is limited to availability (denial of service), with confidentiality and integrity untouched.

An unauthenticated attacker can trigger the condition by sending a single crafted HTTP request to the device, causing it to crash or become unresponsive. No user interaction or credentials are required, and the attack can be launched from anywhere on the network that can reach the router's management interface.

Public references consist primarily of placeholder vendor domains and an unrelated Notion page; none supply patch details, firmware updates, or mitigation guidance. The EPSS score has remained flat at 0.2896 with no observed rise after disclosure.
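The page gives no details of how dm_checkString handles its input, so the following is an added, hypothetical illustration of the CWE-190 pattern this record describes, not TP-Link's code: a length declared in an HTTP header is added to a fixed header size in 32-bit unsigned arithmetic, the sum wraps, and a bounds check that looks correct accepts a value far larger than the buffer. The hardened variant performs the same check with a subtraction that cannot wrap. All names (check_len_vuln, check_len_safe, parse_content_length, MAX_FIELD, HDR_LEN) and the sample request lines are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sizes: a 256-byte field buffer and a 16-byte header that
   the checker accounts for before comparing against the buffer size. */
#define MAX_FIELD 256u
#define HDR_LEN   16u

/* Vulnerable pattern (CWE-190): declared_len + HDR_LEN is computed in
   uint32_t and wraps modulo 2^32. A declared length close to UINT32_MAX
   yields a tiny total, so the check passes and any later copy or read
   based on declared_len runs far past the buffer (here: a crash / DoS). */
bool check_len_vuln(uint32_t declared_len) {
    uint32_t total = declared_len + HDR_LEN;   /* may wrap */
    return total <= MAX_FIELD;
}

/* Hardened pattern: compare against (MAX_FIELD - HDR_LEN), a constant
   that is computed once and cannot wrap, instead of adding to the
   attacker-controlled operand. Equivalent to __builtin_add_overflow on
   compilers that provide it. */
bool check_len_safe(uint32_t declared_len) {
    return declared_len <= MAX_FIELD - HDR_LEN;
}

/* Minimal Content-Length parser. It refuses values that do not fit a
   uint32_t, so truncation cannot smuggle a large value past the caller. */
bool parse_content_length(const char *line, uint32_t *out) {
    const char *p = strstr(line, "Content-Length:");
    if (p == NULL) return false;
    p += strlen("Content-Length:");
    while (*p == ' ') p++;
    char *end = NULL;
    unsigned long long v = strtoull(p, &end, 10);
    if (end == p) return false;            /* no digits */
    if (v > UINT32_MAX) return false;      /* does not fit the field type */
    *out = (uint32_t)v;
    return true;
}

/* Returns 1 if the request would be accepted by the given check,
   0 if rejected, -1 if the header could not be parsed. */
int classify_request(const char *req, bool (*check)(uint32_t)) {
    uint32_t len = 0;
    if (!parse_content_length(req, &len)) return -1;
    return check(len) ? 1 : 0;
}

/* Constructed sample request lines (not captured traffic). The second
   declares 2^32 - 6 bytes, so 4294967290 + 16 wraps to 10 in uint32_t. */
static const char *REQ_BENIGN = "Content-Length: 100\r\n";
static const char *REQ_WRAP   = "Content-Length: 4294967290\r\n";

int main(void) {
    printf("benign  vuln=%d safe=%d\n",
           classify_request(REQ_BENIGN, check_len_vuln),
           classify_request(REQ_BENIGN, check_len_safe));
    printf("wrapped vuln=%d safe=%d\n",
           classify_request(REQ_WRAP, check_len_vuln),
           classify_request(REQ_WRAP, check_len_safe));
    return 0;
}
```

Running it shows the benign request accepted by both checks, while the wrapped length is accepted only by the vulnerable check. When reviewing firmware parsers for this pattern, look for any bounds test of the form `user_value + constant <= limit` and rewrite it as `user_value <= limit - constant`, or use a checked-add intrinsic.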

Vulnerability details

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CWE(s)

CWE-190: Integer Overflow or Wraparound

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: tp-link
Product: tl-wr840n firmware
Version: 6.20_180709

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.