CVE-2022-26988

HIGH
Published May 10, 20224y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published May 10, 2022 4y ago
Last Modified Jun 17, 2026 2w ago

Description

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 12

VendorProductVersionRange
tp-linktl-wdr7660_firmware2.0.30any
tp-linktl-wdr7660*any
tp-linktl-wdr7661_firmware*any
tp-linktl-wdr7661*any
tp-linktl-wdr7620_firmware*any
tp-linktl-wdr7620*any
tp-linktl-wdr5660_firmware*any
tp-linktl-wdr5660*any
mercusysmercury_d196g_firmware20200109_2.0.4any
mercusysmercury_d196g*any
fastcomfac1900r_firmware20190827_2.0.2any
fastcomfac1900r*any

References 3

  • tp-link.com http://tp-link.com
    Vendor Advisory
  • drive.google.com https://drive.google.com/file/d/1J1KzojrMCq-MrV0HqkWiu17MIXGhRuUH/view?usp=sharing
    ExploitThird Party Advisory
  • github.com https://github.com/GANGE666
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.