1 | 1 | | # CVE-2022-30075 |
2 | | - | PoC exploit for Tp-Link AX50 (CVE-2022-30075) |
| 2 | + | Remote Code Execution in Tp-Link Routers |
| 3 | + | |
| 4 | + | ### Affected Devices |
| 5 | + | If your Tp-Link router has backup and restore functionality and firmware is older than june 2022, it is probably vulnerable |
| 6 | + | |
| 7 | + | ### Tested With |
| 8 | + | Tp-Link Archer AX50, other tplink routers may use different format of backups and exploit needs to be modified |
| 9 | + | |
| 10 | + | ### PoC |
| 11 | + | ![tplink](https://user-images.githubusercontent.com/28111712/172499966-8a5d486f-c79d-4fe2-95ff-de77d211ab54.png) |
| 12 | + | |
| 13 | + | ### Timeline |
| 14 | + | 15.03.2022 - Identified vulnerability |
| 15 | + | 15.03.2022 - Contacted Tp-Link support |
| 16 | + | 16.03.2022 - Recieved response from Tp-Link |
| 17 | + | 02.05.2022 - Assigned CVE |
| 18 | + | 27.05.2022 - Tp-Link released firmware with fixed vulnerability |
| 19 | + | 07.06.2022 - Published technical details |
3 | 20 | | |