CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4CVE-2018-18428 – TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
https://notcve.org/view.php?id=CVE-2018-18428
17 Oct 2018 — TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. Los dispositivos TP-Link TL-SC3130 1.6.18P12_121101 permiten el acceso no autenticado al flujo RTSP, tal y como queda demostrado con un URI /jpg/image.jpg. TP-Link TL-SC3130 version 1.6.18 suffers from an unauthenticated and unauthorized live RTSP stream disclosure. • https://packetstorm.news/files/id/149843 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15702
https://notcve.org/view.php?id=CVE-2018-15702
01 Oct 2018 — The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. La interfaz web en TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 es vulnerable a Cross-Site Request Forgery (CSRF) debido a una validación insuficiente del campo referer. • https://www.tenable.com/security/research/tra-2018-27 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15700
https://notcve.org/view.php?id=CVE-2018-15700
01 Oct 2018 — The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. La interfaz web en TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 es vulnerable a una denegación de servicio (DoS) cuando un usuario LAN autenticado envía una cabecera HTTP que contiene un campo Referer inesperado. • https://www.tenable.com/security/research/tra-2018-27 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15701
https://notcve.org/view.php?id=CVE-2018-15701
01 Oct 2018 — The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. La interfaz web en TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 es vulnerable a una denegación de servicio (DoS) cuando un usuario LAN autenticado envía una cabecera HTTP que contiene un campo Cookie inesperado. • https://www.tenable.com/security/research/tra-2018-27 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5393 – TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication
https://notcve.org/view.php?id=CVE-2018-5393
28 Sep 2018 — The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target s... • http://www.securityfocus.com/bid/105402 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17009
https://notcve.org/view.php?id=CVE-2018-17009
13 Sep 2018 — An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el isolate inalámbrico wlan_hos... • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_05/README.md •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17007
https://notcve.org/view.php?id=CVE-2018-17007
13 Sep 2018 — An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el ssid inalámbrico wlan_wds_2g. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_03/README.md •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17018
https://notcve.org/view.php?id=CVE-2018-17018
13 Sep 2018 — An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el nombre time_switch. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_14/README.md •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17015
https://notcve.org/view.php?id=CVE-2018-17015
13 Sep 2018 — An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el nombre de usuario ddns phddns. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-17005
https://notcve.org/view.php?id=CVE-2018-17005
13 Sep 2018 — An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para el firewall dmz enable. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_01/README.md •