VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 20, 2022· Updated Apr 16, 2025

CVE-2022-46432

CVE-2022-46432

Description

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

Root cause

"Missing cryptographic signature verification and plain HTTP firmware delivery allow an on-path attacker to modify the firmware image and recalculate its MD5 checksum to bypass integrity checks."

Attack vector

An attacker with a privileged network position (obtained via ARP spoofing, DNS spoofing, or similar MITM techniques) intercepts the plain HTTP firmware upload from the user to the router. The attacker replaces several bytes in the kernel portion of the firmware image (e.g., offset 0x102C–0x102F) with arbitrary values, recalculates the MD5 checksums in the firmware headers, and forwards the modified image. Because the device verifies only the MD5 checksum embedded in the header—and the attacker can recompute that checksum—the modified image passes the `md5_verify_digest` check and is flashed onto the device [ref_id=1].

Affected code

The vulnerability resides in the firmware update verification function `upgradeFirmware` (decompiled code shown in the advisory). The function performs an MD5 checksum comparison to verify firmware integrity but does not enforce any cryptographic signature on the firmware image [ref_id=1].

What the fix does

The advisory does not provide a vendor patch or fix commit. The recommended remediation is to replace plain HTTP firmware delivery with HTTPS or another cryptographically protected channel, and to add digital signature verification to the firmware image so that an attacker cannot forge a valid signature even if they can modify the image and recalculate the MD5 checksum [ref_id=1].

Preconditions

  • networkAttacker must be on the network path between the user and the router (e.g., via ARP spoofing, DNS spoofing, or rogue access point)
  • inputUser must perform a firmware update by uploading a firmware image through the router's web interface
  • configFirmware delivery uses plain HTTP with no transport-layer encryption

Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.