CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27245 – TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-27245
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-21-214 • CWE-693: Protection Mechanism Failure •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27246 – TP-Link AC1750 sync-server Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27246
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. • https://www.zerodayinitiative.com/advisories/ZDI-21-215 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27209
https://notcve.org/view.php?id=CVE-2021-27209
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. En la interfaz de administración de los dispositivos TP-Link Archer C5v versión 1.7_181221, unas credenciales son enviadas en formato base64 por medio de HTTP de texto sin cifrar • https://gokay.org/tp-link-archer-c5v-base64-cookie • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27210
https://notcve.org/view.php?id=CVE-2021-27210
TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. Los dispositivos TP-Link Archer C5v versión 1.7_181221, permiten a atacantes remotos recuperar credenciales de texto sin cifrar por medio de [USER_CFG#0,0,0,0,0,0 # 0,0,0,0,0,0] 0,0 al URI /cgi?1&5 • https://gokay.org/tp-links-archer-c5v-improper-authorization • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35576 – TP-Link TL-WR841N - Command Injection
https://notcve.org/view.php?id=CVE-2020-35576
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. Un problema de Inyección de Comando en la funcionalidad traceroute en TP-Link TL-WR841N V13 (JP) con versiones de firmware anteriores a 201216, permite a usuarios autenticados ejecutar código arbitrario como root por medio de metacaracteres de shell, una vulnerabilidad diferente a CVE-2018-12577 • https://www.exploit-db.com/exploits/50058 https://jvn.jp/en/vu/JVNVU92444096 https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#Firmware https://www.tp-link.com/us/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •