CVE-2022-25062
Published: 25 February 2022
Summary
CVE-2022-25062 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in TP-Link TL-WR840N firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 3.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-25062 is an integer overflow vulnerability (CWE-190) in the dm_checkString function of TP-LINK TL-WR840N(ES) firmware version V6.20_180709. The flaw resides in the router's web management interface and carries a CVSS 3.1 score of 7.5, reflecting network-accessible impact that can produce a denial of service while leaving confidentiality and integrity untouched.
An unauthenticated attacker can trigger the condition by sending a single crafted HTTP request to the device, causing it to crash or become unresponsive. No user interaction or credentials are required, and the attack can be launched from anywhere on the network that can reach the router's management interface.
Public references consist primarily of placeholder vendor domains and an unrelated Notion page; none supply patch details, firmware updates, or mitigation guidance. The EPSS score has remained flat at 0.2896 with no observed rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29806
Vulnerability details
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.