
CVE-2022-0162 – Vulnerability in TP-Link TL-WR841N wireless router
https://notcve.org/view.php?id=CVE-2022-0162
09 Feb 2022 — The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0068 • CWE-319: Cleartext Transmission of Sensitive Information

CVE-2020-35576 – TP-Link TL-WR841N - Command Injection
https://notcve.org/view.php?id=CVE-2020-35576
25 Jan 2021 — A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. • https://www.exploit-db.com/exploits/50058 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-8423
https://notcve.org/view.php?id=CVE-2020-8423
02 Apr 2020 — A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. • https://github.com/lnversed/CVE-2020-8423 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2019-17147 – TP-LINK TL-WR841N Web Service http_parser_main Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17147
26 Nov 2019 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the conte... • https://github.com/DrmnSamoLiu/CVE-2019-17147_Practice_Material • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2018-12576
https://notcve.org/view.php?id=CVE-2018-12576
02 Jul 2018 — TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. • https://software-talk.org/blog/2018/04/tplink-wr841n-clickjacking-https • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2018-12574 – TP-Link TL-WR841N V13 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-12574
28 Jun 2018 — CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. TP-Link TL-WR841N v13 suffers from cross site request forgery vulnerabilities. • https://packetstorm.news/files/id/148349 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-12575 – TP-Link TL-WR841N V13 Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2018-12575
28 Jun 2018 — On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. TP-Link TL-WR841N v13 suffers from an authentication bypass vulnerability via an insecure direct object reference vuln... • https://packetstorm.news/files/id/148351 • CWE-287: Improper Authentication

CVE-2018-12577 – TP-Link TL-WR841N V13 Command Injection
https://notcve.org/view.php?id=CVE-2018-12577
28 Jun 2018 — The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. TP-Link TL-WR841N v13 suffers from a blind command injection vulnerability. • https://packetstorm.news/files/id/148350 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2018-11714
https://notcve.org/view.php?id=CVE-2018-11714
04 Jun 2018 — An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. • https://github.com/mikelkarma/cve-2018-11714_POC • CWE-384: Session Fixation

CVE-2012-6276 – TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-6276
26 Jan 2013 — Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. • https://www.exploit-db.com/exploits/24504 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')