
CVE-2021-37774
https://notcve.org/view.php?id=CVE-2021-37774
19 Jan 2023 — An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. • https://github.com/fishykz/TP-POC •

CVE-2023-22303
https://notcve.org/view.php?id=CVE-2023-22303
17 Jan 2023 — TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product's settings may be altered with the privilege of the administrator. • https://jvn.jp/en/jp/JVN78481846/index.html • CWE-287: Improper Authentication •

CVE-2022-4498 – A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.
https://notcve.org/view.php?id=CVE-2022-4498
11 Jan 2023 — In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, the httpd service can be sent a crafted packet during HTTP Basic Authentication that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or arbitrary code execution. • https://kb.cert.org/vuls/id/572615 • CWE-787: Out-of-bounds Write •

CVE-2022-4499 – The strcmp function in TP-Link routers, Archer C5 and WR710N-V1, used for checking credentials in httpd, is susceptible to a side-channel attack.
https://notcve.org/view.php?id=CVE-2022-4499
11 Jan 2023 — In TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password. • https://kb.cert.org/vuls/id/572615 • CWE-203: Observable Discrepancy •

CVE-2022-48194 – TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2022-48194
30 Dec 2022 — TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. TP-Link TL-WR902AC with fir... • https://packetstorm.news/files/id/171623 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2022-46139
https://notcve.org/view.php?id=CVE-2022-46139
20 Dec 2022 — TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HJH7LSZPj •

CVE-2022-46430
https://notcve.org/view.php?id=CVE-2022-46430
20 Dec 2022 — TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BJxlw2Pwi • CWE-494: Download of Code Without Integrity Check •

CVE-2022-46435
https://notcve.org/view.php?id=CVE-2022-46435
20 Dec 2022 — An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SyvnlO9Pi •

CVE-2022-46428
https://notcve.org/view.php?id=CVE-2022-46428
20 Dec 2022 — TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1hP34Hvj • CWE-494: Download of Code Without Integrity Check •

CVE-2022-46912
https://notcve.org/view.php?id=CVE-2022-46912
20 Dec 2022 — An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/Sk6sfbTPi •