CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26639
https://notcve.org/view.php?id=CVE-2022-26639
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. Se ha detectado que TP-LINK TL-WR840N(ES) versión V6.20, contenía un desbordamiento de búfer por medio del parámetro DNSServers • https://github.com/Quadron-Research-Lab/Hardware-IoT/blob/main/tp-link%20tl-wr840n_DNSServers%3D.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2022-25061
https://notcve.org/view.php?id=CVE-2022-25061
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. Se ha detectado que TP-LINK TL-WR840N(ES)_V6.20_180709 contiene una vulnerabilidad de inyección de comandos por medio del componente oal_setIp6DefaultRoute. • https://github.com/exploitwritter/CVE-2022-25061 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_setIp6DefaultRoute-EN-ddf9c1db199d49829269147ada6cb312 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 3CVE-2022-25064
https://notcve.org/view.php?id=CVE-2022-25064
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. Se ha detectado que TP-LINK TL-WR840N(ES)_V6.20_180709 contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función oal_wan6_setIpAddr. • https://github.com/Mr-xn/CVE-2022-25064 https://github.com/exploitwritter/CVE-2022-25064 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25062
https://notcve.org/view.php?id=CVE-2022-25062
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Se ha detectado que el TP-LINK TL-WR840N(ES)_V6.20_180709 contiene un desbordamiento de enteros por medio de la función dm_checkString. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de una petición HTTP diseñada. • https://github.com/exploitwritter/CVE-2022-25062 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-RCE-Integer-Overflow-via-crafted-payload-in-an-DNS-input-field-userDomain-EN-2bc0fafd23224a5a8f86f5f0f9377d3d • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2022-25060
https://notcve.org/view.php?id=CVE-2022-25060
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. Se ha detectado que el TP-LINK TL-WR840N(ES)_V6.20_180709, contenía una vulnerabilidad de inyección de comandos por medio del componente oal_startPing. • https://github.com/exploitwritter/CVE-2022-25060 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_startPing-EN-939c748c5f244504899477114b1ca1cf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •