CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2019-12104
https://notcve.org/view.php?id=CVE-2019-12104
14 Aug 2019 — The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities. La interfaz de configuración basada en web del dispositivo TP-Link M7350 versión V3 con versiones de firmware anteriores a 190531, está afectada por varias vulnerabilidades de inyección de comandos posteriores a la autenticación. • https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12103
https://notcve.org/view.php?id=CVE-2019-12103
14 Aug 2019 — The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. La interfaz de configuración basada en web del dispositivo TP-Link M7350 versión V3 con versiones de firmware anteriores a 190531, está afectada por una vulnerabilidad de inyección de comandos previa a la autenticación. • https://www.pentestpartners.com/security-blog/cve-2019-12103-analysis-of-a-pre-auth-rce-on-the-tp-link-m7350-with-ghidra • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 1CVE-2019-13614
https://notcve.org/view.php?id=CVE-2019-13614
17 Jul 2019 — CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. CMD_SET_CONFIG_COUNTRY en el protocolo Device Debug de TP-Link en enrutador Archer C1200 de TP-Link versiones 1.0.0 Build 20180502 rel.45702 y anteriores, es propensa a un desbordamiento de búfer en la región s... • https://fakhrizulkifli.github.io/posts/2019/07/15/CVE-2019-13614 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1CVE-2019-13613
https://notcve.org/view.php?id=CVE-2019-13613
17 Jul 2019 — CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. CMD_FTEST_CONFIG en el protocolo Device Debug de TP-Link en el enrutador Wireless Router Archer de TP-Link versiones 1.0.0 Build 20180502 rel.45702 (EU) y anteriores, es propensa a un de... • https://fakhrizulkifli.github.io/posts/2019/07/15/CVE-2019-13613 • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2018-16119
https://notcve.org/view.php?id=CVE-2018-16119
20 Jun 2019 — Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm. Un desbordamiento de búfer en la región stack de la memoria en el servidor httpd de TP-Link WR1043nd (versión de firmware 3), permite a los atacantes remotos ejecutar código arbitrario por medio de una petición maliciosa MediaServer a el archivo /userRpm/MediaServerFoldersCfgRpm.htm. • https://github.com/hdbreaker/CVE-2018-16119 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2019-6972
https://notcve.org/view.php?id=CVE-2019-6972
19 Jun 2019 — An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64). Se descubrió un problema en los dispositivos TP-Link TL-WR1043ND V2. • https://github.com/MalFuzzer/Vulnerability-Research/blob/master/TL-WR1043ND%20V2%20-%20TP-LINK/TL-WR1043ND_PoC.pdf • CWE-326: Inadequate Encryption Strength •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 3CVE-2019-6971 – TP-Link TL-WR1043ND 2 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2019-6971
19 Jun 2019 — An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials. Se detecto un problema en los dispositivos TP-Link TL-WR1043ND V2. Un atacante puede enviar una cookie en un paquete de autenticación HTTP a la interfaz web de administración del enrutador y controlar completamente el enrutador sin el conocimiento de las credenciales. • https://www.exploit-db.com/exploits/47483 •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 2CVE-2019-12195 – TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12195
21 May 2019 — TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. Los dispositivos TP-Link TL-WR840N v5 00000005 permiten una vulnerabilidad de tipo XSS por medio del parámetro network name. • https://packetstorm.news/files/id/153027 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2016-10719
https://notcve.org/view.php?id=CVE-2016-10719
15 May 2019 — TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password. Los dispositivos TP-Link Archer CR-700 1.0.6 tienen una vulnerabilidad XSS que se puede introducir en la cuenta de administrador a través de una solicitud DHCP, lo que permite al atacante robar la información de la cookie, que contiene el nombre de usuario y la contra... • https://packetstormsecurity.com/files/138881/TP-Link-Archer-CR-700-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-18489
https://notcve.org/view.php?id=CVE-2018-18489
16 Apr 2019 — The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472. La función ping en la funcionalidad de diagnóstico en TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n podría permitir a los atacantes remotos causar una denegación de servicio (terminación del servicio HTTP) modificando el tamaño del p... • https://youtu.be/VGNEYWR9MgY •