CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2021-35004 – TP-Link TL-WA1201 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35004
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-22-081 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-4144
https://notcve.org/view.php?id=CVE-2021-4144
TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. El router wifi TL-WR802N V4(JP) de TP-Link, con versión de firmware anterior a 211202, es vulnerable a una inyección de comandos del Sistema Operativo • https://jvn.jp/en/vu/JVNVU94883311 https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41451
https://notcve.org/view.php?id=CVE-2021-41451
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. Una configuración errónea en HTTP/1.0 y HTTP/1.1 de la interfaz web en TP-Link AX10v1 antes de V1_211117 permite que un atacante remoto no autenticado envíe una solicitud HTTP especialmente diseñada y reciba una respuesta HTTP/0.9 mal configurada, lo que podría conducir a un ataque de envenenamiento de caché • http://ax10v1.com http://tp-link.com https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41450
https://notcve.org/view.php?id=CVE-2021-41450
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. Un ataque de contrabando de peticiones HTTP en TP-Link AX10v1 versiones anteriores a v1_211117, permite a un atacante remoto no autenticado hacer DoS a la aplicación web por medio del envío de un paquete HTTP específico • http://ax10v1.com http://tp-link.com https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40288
https://notcve.org/view.php?id=CVE-2021-40288
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames Un ataque de denegación de servicio en los métodos de autenticación WPA2 y WPA3-SAE en TP-Link AX10v1 versiones anteriores a V1_211014, permite a un atacante remoto no autenticado desconectar un cliente inalámbrico ya conectado por medio del envío con un adaptador inalámbrico de tramas de autenticación falsas específicas • https://www.tp-link.com/us/support/download/archer-ax10/v1/#Firmware • CWE-290: Authentication Bypass by Spoofing •