CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40531
https://notcve.org/view.php?id=CVE-2023-40531
06 Sep 2023 — Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer AX6000 anteriores a 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' permiten a un atacante autenticado adyacente a la red ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41184 – TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41184
31 Aug 2023 — TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the ActiveCells parameter of the CreateRules and ModifyRules APIs. The issue results from the lack of proper ... • https://www.zerodayinitiative.com/advisories/ZDI-23-1287 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38908
https://notcve.org/view.php?id=CVE-2023-38908
22 Aug 2023 — An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. Un problema en TPLink Smart bulb Tapo series L530 v.1.0.0 y la aplicación Tapo v.2.8.14 permite a un atacante remoto obtener información confidencial a través de la función de autenticación TSKEP. • https://arxiv.org/abs/2308.09019 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-38909
https://notcve.org/view.php?id=CVE-2023-38909
22 Aug 2023 — An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. un problema en TPLink Smart bulb Tapo series L530 v.1.0.0 y Tapo Application v.2.8.14 permite a un atacante remoto obtener información sensible a través del componente IV en la función AES128-CBC. • https://arxiv.org/abs/2308.09019 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38906
https://notcve.org/view.php?id=CVE-2023-38906
21 Aug 2023 — An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. Un problema en la bombilla inteligente TP Link Tapo serie L530 v.1.0.0 y la aplicación Tapo v.2.8.14 permite a un atacante remoto obtener información confidencial a través del código de autenticación para el mensaje UDP. • https://arxiv.org/abs/2308.09019 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-39745
https://notcve.org/view.php?id=CVE-2023-39745
21 Aug 2023 — TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/16/TP-Link%20WR940N%20WR941ND%20WR841N%20wireless%20router%20userRpmAccessCtrlAccessRulesRpm%20buffer%20read%20out-of-bounds%20vulnerability.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 1CVE-2023-39747
https://notcve.org/view.php?id=CVE-2023-39747
21 Aug 2023 — TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/17/TP-Link%20WR841N%20wireless%20router%20WlanSecurityRpm%20Stack%20Overflow%20vulnerability.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39748
https://notcve.org/view.php?id=CVE-2023-39748
21 Aug 2023 — An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/19/TL_WR1041N_NetworkCfgRpm_denial_of_service_vulnerability.md • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39751
https://notcve.org/view.php?id=CVE-2023-39751
21 Aug 2023 — TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-31710
https://notcve.org/view.php?id=CVE-2023-31710
01 Aug 2023 — TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 y AX21(US)_V3.6_1.1.4 Build 20230219 son vulnerables a un desbordamiento de búfer. • https://github.com/xiaobye-ctf/My-CVE/tree/main/TP-Link/CVE-2023-31710 • CWE-787: Out-of-bounds Write •