CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10881 – TP-Link Archer A7 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10881
25 Mar 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. • https://www.zerodayinitiative.com/advisories/ZDI-20-333 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2020-10886 – TP-Link Archer A7 tmpServer Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-10886
25 Mar 2020 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the curren... • https://www.zerodayinitiative.com/advisories/ZDI-20-339 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10887 – TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-10887
25 Mar 2020 — This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-20-338 • CWE-693: Protection Mechanism Failure •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-10888 – TP-Link Archer A7 SSH Port Forwarding Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2020-10888
25 Mar 2020 — This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally prot... • https://www.zerodayinitiative.com/advisories/ZDI-20-340 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 68%CPEs: 2EXPL: 5CVE-2020-9374 – TP LINK TL-WR849N - Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-9374
24 Feb 2020 — On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. En los dispositivos TP-Link TL-WR849N versión 0.9.1 4.16, una vulnerabilidad de ejecución de comandos remota en el área de diagnóstico puede ser explotada cuando un atacante envía metacaracteres de shell específicos hacia la funcionalidad traceroute del panel. TP-Link TL-WR849N suffers from a remote ... • https://packetstorm.news/files/id/156584 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2646
https://notcve.org/view.php?id=CVE-2013-2646
03 Feb 2020 — TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. Los dispositivos TP-LINK TL-WR1043ND versión V1_120405, contienen una vulnerabilidad de denegación de servicio no especificada. • https://www.securityfocus.com/bid/59472 •
CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 2CVE-2019-16893 – TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
https://notcve.org/view.php?id=CVE-2019-16893
03 Feb 2020 — The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. La Web Management de dispositivos TP-Link TP-SG105E versión V4 1.0.0 Build 20181120, permite a un atacante no autenticado reiniciar el dispositivo mediante una petición del archivo reboot.cgi. • https://www.exploit-db.com/exploits/47958 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 4CVE-2019-19143 – TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
https://notcve.org/view.php?id=CVE-2019-19143
27 Jan 2020 — TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI. Los dispositivos TP-LINK TL-WR849N versión 0.9.1 4.16, no requieren autenticación para reemplazar el firmware por medio de una petición POST en el URI cgi/softup. TP-Link TL-WR849N version 0.9.1 4.16 suffers from a firmware upload authentication bypass vulnerability. • https://packetstorm.news/files/id/156586 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 1CVE-2019-17147 – TP-LINK TL-WR841N Web Service http_parser_main Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17147
26 Nov 2019 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the conte... • https://github.com/DrmnSamoLiu/CVE-2019-17147_Practice_Material • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4654
https://notcve.org/view.php?id=CVE-2013-4654
13 Nov 2019 — Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. Una vulnerabilidad de Salto de Enlace Simbólico en TP-LINK TL-WDR4300 y TL-1043ND. • https://www.ise.io/casestudies/exploiting-soho-routers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •