Cybersecurity specialists report the detection of a severe vulnerability in the line of TL-WA850RE V6 routers, developed by the technology company TP-Link. According to the report, there is a publicly available exploit for the exploitation of the flaw, so it is necessary to update immediately.
Tracked as CVE-2022-22922, the vulnerability exists because affected routers use predictable and overly easy-to-guess session keys, allowing threat actors to evade security restrictions and perform a privilege escalation attack.
This is a critical vulnerability and received a score of 8.8/10 according to the Common Vulnerability Scoring System (CVSS) because its successful exploitation would allow threat actors to compromise the target system.
According to the report, the vulnerability resides in all versions of TP-Link TL-WA850RE v6 prior to 200923.
The researchers mention that the flaw can be exploited by unauthenticated threat actors, although so far no active exploitation attempts have been detected. Still, the availability of the exploit makes this a considerable problem.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.