CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11237 – TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11237
15 Nov 2024 — A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Zephkek/TP-Thumper • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10523 – Information Disclosure Vulnerability in TP-Link IoT Smart Hub
https://notcve.org/view.php?id=CVE-2024-10523
04 Nov 2024 — This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0331 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22733
https://notcve.org/view.php?id=CVE-2024-22733
01 Nov 2024 — TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker. • https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48712
https://notcve.org/view.php?id=CVE-2024-48712
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/3/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48714
https://notcve.org/view.php?id=CVE-2024-48714
15 Oct 2024 — In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/tree/main/TPlink/TL-WDR7660/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48710
https://notcve.org/view.php?id=CVE-2024-48710
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/1/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48713
https://notcve.org/view.php?id=CVE-2024-48713
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/4/read.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46325
https://notcve.org/view.php?id=CVE-2024-46325
07 Oct 2024 — TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TP-LINK/WR740N/popupSiteSurveyRpm.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46486
https://notcve.org/view.php?id=CVE-2024-46486
04 Oct 2024 — TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. • https://github.com/fishykz/TP-POC • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46313
https://notcve.org/view.php?id=CVE-2024-46313
30 Sep 2024 — TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TP-LINK/WR-941ND/popupSiteSurveyRpm.md • CWE-121: Stack-based Buffer Overflow •