CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41783
https://notcve.org/view.php?id=CVE-2022-41783
tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. tdpServer de TP-Link RE300 V1 procesa incorrectamente su entrada, lo que puede permitir que un atacante cause una condición de Denegación de Servicio (DoS) de la función OneMesh del producto. • https://jvn.jp/en/jp/JVN29657972/index.html https://www.tp-link.com/en/support/download/re300/v1/#Firmware •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-4296 – TP-Link TL-WR740N ARP resource consumption
https://notcve.org/view.php?id=CVE-2022-4296
A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.214812 https://www.youtube.com/watch?v=D--fb-cesmA • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43635 – TP-Link TL-WR940N httpd Incorrect Implementation of Authentication Algorithm Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-43635
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. • https://www.zerodayinitiative.com/advisories/ZDI-22-1615 • CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43636 – TP-Link TL-WR940N httpd Use of Insufficiently Random Values Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-43636
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequnce numbers used for session managment. An attacker can leverage this vulnerability to bypass authentication on the system. • https://www.zerodayinitiative.com/advisories/ZDI-22-1614 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42433 – TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-42433
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-1466 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •