CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-31700
https://notcve.org/view.php?id=CVE-2023-31700
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. • https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/postPlcJson/report.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-31701
https://notcve.org/view.php?id=CVE-2023-31701
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. • https://github.com/FirmRec/IoT-Vulns/blob/main/tp-link/postPlcJson/report.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2646 – TP-Link Archer C7v2 GET Request Parameter denial of service
https://notcve.org/view.php?id=CVE-2023-2646
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. • https://vuldb.com/?ctiid.228775 https://vuldb.com/?id.228775 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-28368
https://notcve.org/view.php?id=CVE-2023-28368
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained. • https://jvn.jp/en/jp/JVN62420378 https://www.tp-link.com/en/support/download/t2600g-28sq/#Firmware •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2022-37255 – Tapo C310 RTSP server v1.3.0 - Unauthorised Video Stream Access
https://notcve.org/view.php?id=CVE-2022-37255
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. Tapo C310 RTSP server version 1.3.0 suffers from an unauthorized video stream access vulnerability. • https://www.exploit-db.com/exploits/51107 http://packetstormsecurity.com/files/171540/Tapo-C310-RTSP-Server-1.3.0-Unauthorized-Video-Stream-Access.html https://www.tp-link.com • CWE-798: Use of Hard-coded Credentials •