CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0162 – Vulnerability in TP-LinK TL-WR841N wireless router
https://notcve.org/view.php?id=CVE-2022-0162
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. Se presenta una vulnerabilidad en el router inalámbrico TP-Link TL-WR841N versión V11 3.16.9 Build 160325 Rel.62500n, debido a una transmisión de información de autenticación en formato cleartextbase64. Una explotación con éxito de esta vulnerabilidad podría permitir a un atacante remoto interceptar las credenciales y posteriormente llevar a cabo operaciones administrativas en el dispositivo afectado mediante la interfaz de administración basada en web • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0068 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44864
https://notcve.org/view.php?id=CVE-2021-44864
TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. TP-Link WR886N versión 3.0 1.0.1 Build 150127 Rel.34123n es vulnerable a un desbordamiento del búfer. Los atacantes autenticados pueden bloquear los servicios httpd del router por medio de una petición /userRpm/PingIframeRpm.htm que contiene un redundante & en un parámetro • https://github.com/zhlu32/cve/blob/main/tplink/wr886n/Tplink-wr886n-V3-Ping-DOS.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2021-35003 – TP-Link Archer C90 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35003
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-080 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2021-35004 – TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35004
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-081 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-4144
https://notcve.org/view.php?id=CVE-2021-4144
TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. El router wifi TL-WR802N V4(JP) de TP-Link, con versión de firmware anterior a 211202, es vulnerable a una inyección de comandos del Sistema Operativo • https://jvn.jp/en/vu/JVNVU94883311 https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •