351 results (0.012 seconds)

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0331 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. Las versiones de TP-Link Tether anteriores a 4.5.13 y las versiones de TP-Link Tapo anteriores a 3.3.6 no validan correctamente los certificados, lo que puede permitir que un atacante remoto no autenticado escuche a escondidas una comunicación cifrada a través de un ataque de intermediario. • https://jvn.jp/en/jp/JVN29471697 https://play.google.com/store/apps/details?id=com.tplink.iot https://play.google.com/store/apps/details?id=com.tplink.tether •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 permite a los atacantes escalar privilegios mediante la modificación de los valores 'tid' y 'usrlvl' en las solicitudes GET. TP-Link JetStream Smart Switch TL-SG2210P version 5.0 build 20211201 suffers from a privilege escalation vulnerability. • https://github.com/str2ver/CVE-2023-43318 https://github.com/str2ver/CVE-2023-43318/tree/main https://seclists.org/fulldisclosure/2024/Mar/9 • CWE-284: Improper Access Control •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de ejecución de comandos en la funcionalidad de recursos invitados de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede provocar la ejecución de un comando arbitrario. • https://github.com/Mr-xn/CVE-2023-43482 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. Existe una vulnerabilidad de inyección de comando posterior a la autenticación en la funcionalidad del cliente PPTP de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyección de comandos arbitrarios. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •