Tools & Exploits in Dark Web Forums
There have been several reports of hackers working with other hackers around the world to exploit the RCE vulnerability (CVE-2022-30075) to gain access to TP-Link systems.
There have been a number of reports of leaked credentials of TP-Link products being sold on the dark web in Russian forums.
Hackers can abuse these credentials to log in to vulnerable devices and then exploit the underlying vulnerabilities to gain unauthorized access.
TP-Link Router AX50 firmware 210730 as well as older versions have recently been found to be vulnerable to a critical RCE flaw discovered two months ago.
This is a web-based attack, associated with CVE-2022-30075, where a malicious backup file is imported through a web interface. A flaw in the backup and restore functionality could allow an attacker to exploit the vulnerability and carry out an RCE attack.
- CVE ID: CVE-2022-30075
- Description: Authenticated Remote Code Execution Vulnerability in TP-Link routers.
- CVSS Score: 8.8
- Exploits: Link (June 2022)
As a result of this vulnerability, different law enforcement agencies have released advisories, which are listed below:
- In a report published on 13 June 2022, CISA outlined the vulnerability but did not assign it a CVSS score.
- Under the category of “Other Vulnerabilities,” SingCERT reported this flaw on 22 June 2022 with a CVSS Score of 8.8.
- CERT-In notified publicly on 01 September 2022 that TP-Link routers are vulnerable to a “Critical” flaw that can be exploited for arbitrary code execution.
TP-Link routers, in many cases, are still unpatched for the vulnerabilities that have already been identified in them.
However, at this stage it is not possible to isolate any specific group of cybercriminals exploiting these routers.
An attacker from a country with a bad reputation for relations with other nations could exploit the vulnerability in TP-Link routers to launch a cyberattack against those nations.
Such an action, however, first requires a footprint on these vulnerable devices.
Security experts have strongly urged users to immediately patch their vulnerable TP-Link routers and update their software to the most recent version.
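One way to act on this advice across a fleet is to flag AX50 devices whose firmware build is 210730 or older, as stated above. This is an added example, not code from the article or from TP-Link; it assumes firmware strings contain `Build YYMMDD` or `Build YYYYMMDD`, and the inventory, hostnames and version strings are constructed.

```python
import re

# From the article: AX50 firmware build 210730 and older builds are affected.
LAST_AFFECTED_BUILD = 210730  # YYMMDD
MODEL_RE = re.compile(r"\bAX50\b", re.IGNORECASE)
# Assumed string shape, e.g. "1.0.11 Build 210730 Rel.54485" (6- or 8-digit date).
BUILD_RE = re.compile(r"\bBuild\s+(\d{8}|\d{6})\b", re.IGNORECASE)

def build_date(version):
    """Return the build date as a YYMMDD integer, or None if it cannot be parsed."""
    m = BUILD_RE.search(version)
    if not m:
        return None
    digits = m.group(1)
    if len(digits) == 8:          # 20210730 -> 210730 (assumes a 20xx year)
        digits = digits[2:]
    month, day = int(digits[2:4]), int(digits[4:6])
    if not (1 <= month <= 12 and 1 <= day <= 31):
        return None               # digits that are not a plausible date
    return int(digits)

def classify(model, version):
    """Classify one device against the affected build named in the article."""
    if not MODEL_RE.search(model):
        return "model-not-listed"     # the article only names the AX50 build
    build = build_date(version)
    if build is None:
        return "unknown"              # needs a manual check
    if build <= LAST_AFFECTED_BUILD:
        return "vulnerable"
    return "newer-build"              # newer than 210730; confirm with the vendor

def audit(inventory):
    """Map each hostname to its classification."""
    return {d["host"]: classify(d["model"], d["firmware"]) for d in inventory}

# Constructed sample inventory (hostnames and version strings are made up).
INVENTORY = [
    {"host": "gw-branch-01", "model": "Archer AX50", "firmware": "1.0.11 Build 210730 Rel.54485"},
    {"host": "gw-branch-02", "model": "Archer AX50", "firmware": "1.0.9 Build 20201218 rel.12345"},
    {"host": "gw-hq-01", "model": "Archer AX50", "firmware": "1.0.12 Build 220520 Rel.1000"},
    {"host": "gw-lab-01", "model": "Archer AX50", "firmware": "custom image"},
    {"host": "gw-lab-02", "model": "Archer C7", "firmware": "Build 200101"},
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` or `newer-build` still need checking against the vendor's advisory, since the article does not name the fixed firmware version.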