7 results (0.013 seconds)

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1

Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. El firmware Tp-Link TL-WR840N (EU) v6.20 (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) es vulnerable a un Desbordamiento del Búfer por medio de la funcionalidad Password reset • https://k4m1ll0.com/cve-tplink-tlwr840n-euV620-password-reset.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 2

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. La función PING en el router TP-Link TL-WR840N EU versión v5 con firmware hasta TL-WR840N(EU)_V5_171211, es vulnerable a una ejecución de código remota por medio de una carga útil diseñada en un campo de entrada de dirección IP • https://github.com/likeww/CVE-2021-41653 http://tp-link.com https://k4m1ll0.com/cve-2021-41653.html https://www.tp-link.com/us/press/security-advisory • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 13%CPEs: 2EXPL: 2

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. oal_ipt_addBridgeIsolationRules en dispositivos TP-Link TL-WR840N versión 6_EU_0.9.1_4.16, permite una inyección de comandos del Sistema Operativo porque una cadena sin procesar ingresada desde la interfaz web (un campo de dirección IP) es usada directamente para una llamada a la función de biblioteca del sistema (para iptables) • https://github.com/therealunicornsecurity/therealunicornsecurity.github.io/blob/master/_posts/2020-10-11-TPLink.md https://therealunicornsecurity.github.io/TPLink https://www.tp-link.com/fr/support/download/tl-wr840n/v6/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. La función traceroute en el enrutador TP-Link TL-WR840N versión v4 con firmware hasta 0.9.1 3.16, es vulnerable a la ejecución de código remota por medio de una carga útil especialmente diseñada en un campo de entrada de dirección IP. • https://twitter.com/rapt00rvf https://vitor-fernandes.github.io/First-CVE • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. Los dispositivos TP-Link TL-WR840N v5 00000005 permiten una vulnerabilidad de tipo XSS por medio del parámetro network name. • https://www.exploit-db.com/exploits/46882 http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html https://www.tp-link.com/us/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •