CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24355 – TP-Link TL-WR940N httpd httpRpmFs Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24355
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-265 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0162 – Vulnerability in TP-LinK TL-WR841N wireless router
https://notcve.org/view.php?id=CVE-2022-0162
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. Se presenta una vulnerabilidad en el router inalámbrico TP-Link TL-WR841N versión V11 3.16.9 Build 160325 Rel.62500n, debido a una transmisión de información de autenticación en formato cleartextbase64. Una explotación con éxito de esta vulnerabilidad podría permitir a un atacante remoto interceptar las credenciales y posteriormente llevar a cabo operaciones administrativas en el dispositivo afectado mediante la interfaz de administración basada en web • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0068 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44864
https://notcve.org/view.php?id=CVE-2021-44864
TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. TP-Link WR886N versión 3.0 1.0.1 Build 150127 Rel.34123n es vulnerable a un desbordamiento del búfer. Los atacantes autenticados pueden bloquear los servicios httpd del router por medio de una petición /userRpm/PingIframeRpm.htm que contiene un redundante & en un parámetro • https://github.com/zhlu32/cve/blob/main/tplink/wr886n/Tplink-wr886n-V3-Ping-DOS.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2021-35003 – TP-Link Archer C90 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35003
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-080 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2021-35004 – TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35004
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-081 • CWE-121: Stack-based Buffer Overflow •