CVSS: 10.0EPSS: 20%CPEs: 4EXPL: 2CVE-2018-11714
https://notcve.org/view.php?id=CVE-2018-11714
04 Jun 2018 — An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. Se ha descubierto un problema en los dispositivos TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.586... • http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router • CWE-384: Session Fixation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-11481
https://notcve.org/view.php?id=CVE-2018-11481
30 May 2018 — TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. Los dispositivos TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-* y TL-IPC40A-4 permiten la ejecución remota de código mediante datos JSON manipulados debido a que /usr/lib/lua/luci/torchlight/validator.lua no bloquea varios caracteres de puntuación. • https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-websys-Authenticated-RCE • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-11482
https://notcve.org/view.php?id=CVE-2018-11482
30 May 2018 — /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. /usr/lib/lua/luci/websys.lua en dispositivos TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-* y TL-IPC40A-4 tiene una contraseña zMiVw8Kw0oxKXL0 embebida. • https://github.com/yough3rt/IOT-pwn-for-fun/blob/master/TP-LINK-login-Escalation-of-Privileges • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10167 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10167
03 May 2018 — The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows. El archivo de copia de seguridad de la aplicación web en TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows... • https://packetstorm.news/files/id/147495 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10165 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10165
03 May 2018 — Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. Vulnerabilidad Cross-Site Scripting (XSS) persistente en TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows permite que atacantes autenticados inyecten scripts web o... • https://packetstorm.news/files/id/147495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10164 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10164
03 May 2018 — Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. Vulnerabilidad Cross-Site Scripting (XSS) persistente en TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows permite que atacantes autenticados inyecten scripts web o HTML ar... • https://packetstorm.news/files/id/147495 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10166 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10166
03 May 2018 — The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows. La interfaz web de gestión en TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows no tiene tokens Anti-CSRF en ningún formulario. Esto permitiría que un ... • https://packetstorm.news/files/id/147495 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-10168 – TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
https://notcve.org/view.php?id=CVE-2018-10168
03 May 2018 — TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. TP-Link EAP Controller y Omada Controller en versiones 2.5.4_Windows/2.6.0_Windows no controlan los privilegios para el uso de la API web, lo que permite que un usuario con pocos privilegios realice cualquier petición como Administrador. Esto se ha solucionado en la v... • https://packetstorm.news/files/id/147495 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 76EXPL: 3CVE-2017-15616 – TP-Link Remote Command Injection
https://notcve.org/view.php?id=CVE-2017-15616
11 Jan 2018 — TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file. Los dispositivos TP-Link WVR, WAR y ER permiten que administradores autenticados remotos ejecuten comandos arbitrarios mediante inyección de comandos en la variable new-interface en el archivo phddns.lua. Many TP-Link products suffer from multiple authenticated remote command injection vulnerabilities. • https://packetstorm.news/files/id/145823 •
CVSS: 9.0EPSS: 0%CPEs: 76EXPL: 3CVE-2017-15627 – TP-Link Remote Command Injection
https://notcve.org/view.php?id=CVE-2017-15627
11 Jan 2018 — TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. Los dispositivos TP-Link WVR, WAR y ER permiten que administradores autenticados remotos ejecuten comandos arbitrarios mediante inyección de comandos en la variable new-pns en el archivo pptp_client.lua. Many TP-Link products suffer from multiple authenticated remote command injection vulnerabilities. • https://packetstorm.news/files/id/145823 •