Page 17 of 351 results (0.003 seconds)

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. Tapo C310 RTSP server version 1.3.0 suffers from an unauthorized video stream access vulnerability. • https://www.exploit-db.com/exploits/51107 http://packetstormsecurity.com/files/171540/Tapo-C310-RTSP-Server-1.3.0-Unauthorized-Video-Stream-Access.html https://www.tp-link.com • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. • https://github.com/B2eFly/Router/blob/main/TPLINK/MR3020/1.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 5

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the merge_country_config function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://www.exploit-db.com/exploits/51677 https://github.com/Terminal1337/CVE-2023-1389 https://github.com/Voyag3r-Security/CVE-2023-1389 http://packetstormsecurity.com/files/174131/TP-Link-Archer-AX21-Command-Injection.html https://www.tenable.com/security/research/tra-2023-11 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. • https://midist0xf.medium.com/tl-wr940n-uses-weak-md5-hashing-algorithm-ae7b589860d2 https://www.tp-link.com/en/support/download/tl-wr940n/#Firmware • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. • https://vuldb.com/?ctiid.221552 https://vuldb.com/?id.221552 • CWE-404: Improper Resource Shutdown or Release •