CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46432
https://notcve.org/view.php?id=CVE-2022-46432
20 Dec 2022 — An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier. Se descubrió una vulnerabilidad de modificación de firmware explotable en TP-Link TL-WR743ND V1. Un atacante puede realizar un ataque MITM (Man-in-the-Middle) para modificar la ... • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/B1Vgv1uwo •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-46910
https://notcve.org/view.php?id=CVE-2022-46910
20 Dec 2022 — An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. Un problema en el proceso de actualización de firmware de TP-Link TL-WA901ND V1 hasta v3.11.2 y TL-WA901N V2 hasta v3.12.16 permite a atacantes ejecutar código arbitrario o provocar una Denegación de Servicio (DoS) mediante la carga de una imagen de firmware manipulada. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkwzORiDo •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46434
https://notcve.org/view.php?id=CVE-2022-46434
20 Dec 2022 — An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. Un problema en el proceso de actualización de firmware de TP-Link TL-WA7510N v1 v3.12.6 y anteriores permite a atacantes ejecutar código arbitrario o provocar una Denegación de Servicio (DoS) mediante la carga de una imagen de firmware manipulada. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/rJl69Icws •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46914
https://notcve.org/view.php?id=CVE-2022-46914
20 Dec 2022 — An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. Un problema en el proceso de actualización de firmware de TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 y anteriores permite a atacantes ejecutar código arbitrario o provocar una Denegación de Servicio (DoS) mediante la carga de una imagen de firmware manipulada. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BJ4czlpwi •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41783
https://notcve.org/view.php?id=CVE-2022-41783
07 Dec 2022 — tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. tdpServer de TP-Link RE300 V1 procesa incorrectamente su entrada, lo que puede permitir que un atacante cause una condición de Denegación de Servicio (DoS) de la función OneMesh del producto. • https://jvn.jp/en/jp/JVN29657972/index.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-4296 – TP-Link TL-WR740N ARP resource consumption
https://notcve.org/view.php?id=CVE-2022-4296
06 Dec 2022 — A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.214812 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43635 – TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-43635
21 Nov 2022 — This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://www.zerodayinitiative.com/advisories/ZDI-22-1615 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43636 – TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-43636
21 Nov 2022 — This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequnce numbers used for session managment. An attacker can leverage this vulnerability to bypass authentication on the system. • https://www.zerodayinitiative.com/advisories/ZDI-22-1614 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42433 – TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-42433
25 Oct 2022 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute c... • https://www.zerodayinitiative.com/advisories/ZDI-22-1466 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41541
https://notcve.org/view.php?id=CVE-2022-41541
18 Oct 2022 — TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. TP-Link AX10v1 versión V1_211117, permite a atacantes ejecutar un ataque de repetición al usar un mensaje de autenticación encriptado previamente transmitido y un token de autenticación válido. Los atacantes son capaces de iniciar sesión en la aplicación web como un usuario ... • https://github.com/efchatz/easy-exploits/tree/main/Web/TP-Link/Replay • CWE-294: Authentication Bypass by Capture-replay •