CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. • https://www.zerodayinitiative.com/advisories/ZDI-22-263 • CWE-125: Out-of-bounds Read •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-262 • CWE-125: Out-of-bounds Read •

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-264 • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. • https://www.zerodayinitiative.com/advisories/ZDI-21-215 • CWE-121: Stack-based Buffer Overflow •

CVSS: 10.0 • EPSS: 5% • CPEs: 2 • EXPL: 5

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/lao_bomb/lao_bomb.md https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/minesweeper.md https://github.com/rapid7/metasploit-framework/pull/14365 https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2019/lao_bomb.md https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2020/minesweeper.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •