CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2022-25061
https://notcve.org/view.php?id=CVE-2022-25061
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. Se ha detectado que TP-LINK TL-WR840N(ES)_V6.20_180709 contiene una vulnerabilidad de inyección de comandos por medio del componente oal_setIp6DefaultRoute. • https://github.com/exploitwritter/CVE-2022-25061 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_setIp6DefaultRoute-EN-ddf9c1db199d49829269147ada6cb312 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 3CVE-2022-25064
https://notcve.org/view.php?id=CVE-2022-25064
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. Se ha detectado que TP-LINK TL-WR840N(ES)_V6.20_180709 contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función oal_wan6_setIpAddr. • https://github.com/Mr-xn/CVE-2022-25064 https://github.com/exploitwritter/CVE-2022-25064 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25062
https://notcve.org/view.php?id=CVE-2022-25062
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Se ha detectado que el TP-LINK TL-WR840N(ES)_V6.20_180709 contiene un desbordamiento de enteros por medio de la función dm_checkString. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de una petición HTTP diseñada. • https://github.com/exploitwritter/CVE-2022-25062 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-RCE-Integer-Overflow-via-crafted-payload-in-an-DNS-input-field-userDomain-EN-2bc0fafd23224a5a8f86f5f0f9377d3d • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2022-25060
https://notcve.org/view.php?id=CVE-2022-25060
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. Se ha detectado que el TP-LINK TL-WR840N(ES)_V6.20_180709, contenía una vulnerabilidad de inyección de comandos por medio del componente oal_startPing. • https://github.com/exploitwritter/CVE-2022-25060 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_startPing-EN-939c748c5f244504899477114b1ca1cf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 2CVE-2021-41653
https://notcve.org/view.php?id=CVE-2021-41653
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. La función PING en el router TP-Link TL-WR840N EU versión v5 con firmware hasta TL-WR840N(EU)_V5_171211, es vulnerable a una ejecución de código remota por medio de una carga útil diseñada en un campo de entrada de dirección IP • https://github.com/likeww/CVE-2021-41653 http://tp-link.com https://k4m1ll0.com/cve-2021-41653.html https://www.tp-link.com/us/press/security-advisory • CWE-94: Improper Control of Generation of Code ('Code Injection') •