CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15057
https://notcve.org/view.php?id=CVE-2020-15057
07 Aug 2020 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. Los dispositivos TP-Link USB Network Server TL-PS310U versiones anteriores a 2.079.000.t0210, permiten a un atacante en la misma red denegar el servicio del dispositivo por medio de valores de entrada grandes • https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15056
https://notcve.org/view.php?id=CVE-2020-15056
07 Aug 2020 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. Los dispositivos TP-Link USB Network Server TL-PS310U versiones anteriores a 2.079.000.t0210, permiten a un atacante en la misma red conducir ataques de tipo XSS persistentes al aprovechar los privilegios administrativos para establecer un nombre de servidor diseñado • https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15055
https://notcve.org/view.php?id=CVE-2020-15055
07 Aug 2020 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. Los dispositivos TP-Link USB Network Server TL-PS310U versiones anteriores a 2.079.000.t0210, permiten a un atacante en la misma red omitir la autenticación por medio de una petición de administración web que carece de un parámetro de contraseña • https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-15054
https://notcve.org/view.php?id=CVE-2020-15054
07 Aug 2020 — TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. Los dispositivos TP-Link USB Network Server TL-PS310U versiones anteriores a 2.079.000.t0210, permiten a un atacante en la misma red elevar los privilegios porque la contraseña administrativa puede ser detectada mediante el rastreo del tráfico UDP no cifrado • https://research.hisolutions.com/2020/05/critical-vulnerabilites-in-multiple-usb-network-servers • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 1CVE-2020-14965
https://notcve.org/view.php?id=CVE-2020-14965
23 Jun 2020 — On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator. En los dispositivos TP-Link TL-WR740N versión v4 y TL-WR740ND versión v4, un atacante con acceso al panel de administración puede inyectar código HTML y cam... • https://github.com/g-rubert/CVE-2020-14965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 2CVE-2020-13224 – TP-LINK Cloud Cameras NCXXX Stack Overflow
https://notcve.org/view.php?id=CVE-2020-13224
16 Jun 2020 — TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow Dispositivos TP-LINK NC200 versiones hasta 2.1.10 build 200401, dispositivos NC210 versiones hasta 1.0.10 build 200401, dispositivos NC220 versiones hasta 1.3.1 build 200401, disposi... • https://packetstorm.news/files/id/158115 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 1%CPEs: 220EXPL: 3CVE-2020-12695 – hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
https://notcve.org/view.php?id=CVE-2020-12695
08 Jun 2020 — The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. La especificación UPnP de Open Connectivity Foundation antes del 17-04-2020 no prohíbe la aceptación de una petición de suscripción con una URL de entrega en un segmento de red diferente a la URL de suscripción de evento totalmente calificada, también se co... • https://packetstorm.news/files/id/158051 • CWE-276: Incorrect Default Permissions CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12475
https://notcve.org/view.php?id=CVE-2020-12475
04 May 2020 — TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. TP-Link Omada Controller Software versión 3.2.6, permite un Salto de Directorio para leer archivos arbitrarios por medio de la función com.tp_link.eap.web.portal.PortalController.getAdvertiseFile en el archivo /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. • https://sovietw0rm.wordpress.com/2020/04/29/tp-link-omada-controller-directory-traversal-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 3CVE-2020-12110 – TP-LINK Cloud Cameras NCXXX Hardcoded Encryption Key
https://notcve.org/view.php?id=CVE-2020-12110
01 May 2020 — Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. Determinados dispositivos TP-Link tienen una Clave de Cifrado Embebida. Esto afecta a NC200 versión 2.1.9 build 200225, N210 versión 1.0.9 build 200304, NC220 versión 1.3.0 build 200304, NC230 versión 1.3.0 build 200304, NC250 versión 1.3.0 build 200304, NC... • https://packetstorm.news/files/id/157532 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 96%CPEs: 31EXPL: 5CVE-2020-12109 – TP-LINK Cloud Cameras NCXXX Bonjour Command Injection
https://notcve.org/view.php?id=CVE-2020-12109
01 May 2020 — Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. Ciertos dispositivos TP-Link permiten una inyección de comandos. Esto afecta a NC200 versión 2.1.9 build 200225, NC210 versión 1.0.9 build 200304, NC220 versión 1.3.0 build 200304, NC230 versión 1.3.0 build 200304, NC250 versión 1.3.0 build 200304, NC260 versión 1... • https://packetstorm.news/files/id/157531 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •