CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46325
https://notcve.org/view.php?id=CVE-2024-46325
07 Oct 2024 — TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TP-LINK/WR740N/popupSiteSurveyRpm.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46486
https://notcve.org/view.php?id=CVE-2024-46486
04 Oct 2024 — TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. • https://github.com/fishykz/TP-POC • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46313
https://notcve.org/view.php?id=CVE-2024-46313
30 Sep 2024 — TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TP-LINK/WR-941ND/popupSiteSurveyRpm.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9284 – TP-LINK TL-WR841ND popupSiteSurveyRpm.htm stack-based overflow
https://notcve.org/view.php?id=CVE-2024-9284
27 Sep 2024 — A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched remotely. • https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TP-LINK/WR-841ND/popupSiteSurveyRpm.md • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42815
https://notcve.org/view.php?id=CVE-2024-42815
19 Aug 2024 — In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. • https://gist.github.com/XiaoCurry/14d46e0becd79d9bb9907f2fbe147cfe • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4224 – TP-Link TL-SG1016DE XSS
https://notcve.org/view.php?id=CVE-2024-4224
15 Jul 2024 — An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator's browser. This issue was fixed in TL-SG1016DE(UN) V7_1.0.1 Build 20240628. Existe un cross-site scripting (XSS) almacenado autenticado en TP-Link TL-SG1016DE que afecta la versión TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, que podría permitir a un adversario ejecutar JavaScript en el navegador d... • https://takeonme.org/cves/CVE-2024-4224.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38471
https://notcve.org/view.php?id=CVE-2024-38471
04 Jul 2024 — Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. Múltiples productos TP-LINK permiten a un atacante adyacente a la red con privilegios administrativos ejecutar comandos arbitrarios del sistema operativo mediante la restauración de un archivo de copia de seguridad manipulado. El dispositivo afectado,... • https://jvn.jp/en/vu/JVNVU99784493 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21827
https://notcve.org/view.php?id=CVE-2024-21827
25 Jun 2024 — A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. • https://talosintelligence.com/vulnerability_reports/TALOS-2024-1947 • CWE-489: Active Debug Code •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37661
https://notcve.org/view.php?id=CVE-2024-37661
17 Jun 2024 — TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages. TP-LINK TL-7DR5130 v1.0.23 es vulnerable a ataques de mensajes de redireccionamiento ICMP falsificados. Un atacante en la misma WLAN que la víctima puede secuestrar el tráfico entre la víctima y cualquier servidor remoto enviando mensajes de redireccionamiento ICMP falsificado... • https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md • CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37662
https://notcve.org/view.php?id=CVE-2024-37662
17 Jun 2024 — TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router. TP-LINK TL-7DR5130 v1.0.23 es vulnerable a TCP DoS o ataques de secuestro. Un atacante en la misma WLAN que la víctima puede desconectar o secuestrar el tráfico entre la víctima y cualquier servidor remoto enviando mensajes TCP RST falsifica... • https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/tl-7dr5130-nat-rst.md • CWE-940: Improper Verification of Source of a Communication Channel •