CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49913
https://notcve.org/view.php?id=CVE-2023-49913
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 B... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49912
https://notcve.org/view.php?id=CVE-2023-49912
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 ... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49911
https://notcve.org/view.php?id=CVE-2023-49911
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Bui... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49910
https://notcve.org/view.php?id=CVE-2023-49910
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Bui... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49909
https://notcve.org/view.php?id=CVE-2023-49909
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49908
https://notcve.org/view.php?id=CVE-2023-49908
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped wit... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49907
https://notcve.org/view.php?id=CVE-2023-49907
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-49906
https://notcve.org/view.php?id=CVE-2023-49906
09 Apr 2024 — A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1888 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 2CVE-2023-43318 – TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-43318
04 Mar 2024 — TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 permite a los atacantes escalar privilegios mediante la modificación de los valores 'tid' y 'usrlvl' en las solicitudes GET. TP-Link JetStream Smart Switch TL-SG2210P version 5.0 build 20211201 suffers from a privilege escalation vulnerability. • https://packetstorm.news/files/id/177411 • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 2CVE-2023-43482
https://notcve.org/view.php?id=CVE-2023-43482
06 Feb 2024 — A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de ejecución de comandos en la funcionalidad de recursos invitados de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente man... • https://github.com/Mr-xn/CVE-2023-43482 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •