CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-27837
https://notcve.org/view.php?id=CVE-2023-27837
13 Jun 2023 — TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. • https://github.com/lzd521/IOT/tree/main/TP-Link%20WPA8630P • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28478
https://notcve.org/view.php?id=CVE-2023-28478
12 Jun 2023 — TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0006.md • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 1CVE-2023-33537
https://notcve.org/view.php?id=CVE-2023-33537
07 Jun 2023 — TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/1/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_FixMapCfgRpm.md • CWE-125: Out-of-bounds Read •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 1CVE-2023-33536
https://notcve.org/view.php?id=CVE-2023-33536
07 Jun 2023 — TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/2/TL-WR940N_TL-WR841N_TL-WR740N_userRpm_WlanMacFilterRpm.md • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 1CVE-2023-33538
https://notcve.org/view.php?id=CVE-2023-33538
07 Jun 2023 — TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . Se ha descubierto que TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, y TL-WR740N V1/V2 contienen una vulnerabilidad de inyección de comandos en el componente /userRpm/WlanNetworkRpm. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/3/TL-WR940N_TL-WR841N_userRpm_WlanNetworkRpm_Command_Injection.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 1CVE-2023-27126
https://notcve.org/view.php?id=CVE-2023-27126
06 Jun 2023 — The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. • http://tapo.com • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 2CVE-2023-31756
https://notcve.org/view.php?id=CVE-2023-31756
19 May 2023 — A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. • https://github.com/StanleyJobsonAU/LongBow • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-31700
https://notcve.org/view.php?id=CVE-2023-31700
17 May 2023 — TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. • https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/postPlcJson/report.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-31701
https://notcve.org/view.php?id=CVE-2023-31701
17 May 2023 — TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. • https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/postPlcJson/report.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2646 – TP-Link Archer C7v2 GET Request Parameter denial of service
https://notcve.org/view.php?id=CVE-2023-2646
11 May 2023 — A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. • https://vuldb.com/?ctiid.228775 • CWE-404: Improper Resource Shutdown or Release •