CVE-2022-30075
CVE-2022-30075
Vexday Risk Score
62High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (236 stars) — exploitation code widely available.
CVSS —EPSS 32.4%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
07 Jun 2022Public PoC
09 Jun 2022Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.
Affected products
n/a · n/apublic PoCs found — 10
githubgithub.com/aaronsvk/CVE-2022-30075★ 236githubgithub.com/SAJIDAMINE/CVE-2022-30075★ 3githubgithub.com/M4fiaB0y/CVE-2022-30075★ 1githubgithub.com/RhestCorp/TP-L-NK-SIZMA-EXPLO-T★ 1vulncheckvulncheck.com/xdb/941952aea6f9unverifiedcve_referencepacketstormsecurity.com/files/167522/TP-Link-AX50-Remote-Code-Execution.htmlunverifiedvulncheckvulncheck.com/xdb/18b79bacc0f5unverifiedcve_referencewww.exploit-db.com/exploits/50962unverifiedvulncheckvulncheck.com/xdb/37e9dfd2edf1unverifiedvulncheckvulncheck.com/xdb/b9fd6e2d6f15unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.