CVE-2022-48194 Information

Description

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

Reference

https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits