CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 3CVE-2021-44827
https://notcve.org/view.php?id=CVE-2021-44827
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. Se ha detectado una inyección de comandos del Sistema Operativo autenticado en dispositivos TP-Link Archer C20i 0.9.1 3.2 versión v003a.0 Build 170221 Rel.55462n, mediante el parámetro HTTP X_TP_ExternalIPv6Address, permitiendo a un atacante remoto ejecutar comandos arbitrarios en el router con privilegios de root • https://github.com/full-disclosure/CVE-2021-44827 https://Full-Disclosure.eu https://full-disclosure.eu/reports/2022/CVE-2021-44827-tplink-authenticated-remote-code-execution.html https://www.tp-link.com/us/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2022-25061
https://notcve.org/view.php?id=CVE-2022-25061
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. Se ha detectado que TP-LINK TL-WR840N(ES)_V6.20_180709 contiene una vulnerabilidad de inyección de comandos por medio del componente oal_setIp6DefaultRoute. • https://github.com/exploitwritter/CVE-2022-25061 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_setIp6DefaultRoute-EN-ddf9c1db199d49829269147ada6cb312 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 3CVE-2022-25064
https://notcve.org/view.php?id=CVE-2022-25064
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. Se ha detectado que TP-LINK TL-WR840N(ES)_V6.20_180709 contiene una vulnerabilidad de ejecución de código remota (RCE) por medio de la función oal_wan6_setIpAddr. • https://github.com/Mr-xn/CVE-2022-25064 https://github.com/exploitwritter/CVE-2022-25064 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-rce-via-crafted-payload-in-an-ipv6-address-input-field-hidden-EN-98e24b6f841043fba17ec4627c34f5d1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25062
https://notcve.org/view.php?id=CVE-2022-25062
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Se ha detectado que el TP-LINK TL-WR840N(ES)_V6.20_180709 contiene un desbordamiento de enteros por medio de la función dm_checkString. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de una petición HTTP diseñada. • https://github.com/exploitwritter/CVE-2022-25062 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-RCE-Integer-Overflow-via-crafted-payload-in-an-DNS-input-field-userDomain-EN-2bc0fafd23224a5a8f86f5f0f9377d3d • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2CVE-2022-25060
https://notcve.org/view.php?id=CVE-2022-25060
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. Se ha detectado que el TP-LINK TL-WR840N(ES)_V6.20_180709, contenía una vulnerabilidad de inyección de comandos por medio del componente oal_startPing. • https://github.com/exploitwritter/CVE-2022-25060 http://router.com http://tp-link.com https://east-trowel-102.notion.site/CVE-2021-XXXX-Injection-of-commands-through-object-oal_startPing-EN-939c748c5f244504899477114b1ca1cf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •