CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 3CVE-2021-3275 – TP-Link Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-3275
Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado no autenticado en múltiples productos de TP-Link, incluyendo WIFI Routers (enrutadores Wireless AC), Access Points, ADSL + DSL Gateways and Routers, que afectan a dispositivos TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, y Archer C3150v2, por medio de la comprobación inapropiada del nombre de host. Algunas de las páginas, incluyendo dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, y qsReview.htm, usan esta función vulnerable de nombre de host (setDefaultHostname()) sin saneamiento. Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/161989/TP-Link-Cross-Site-Scripting.html https://github.com/smriti548/CVE/blob/main/CVE-2021-3275 https://seclists.org/fulldisclosure/2021/Mar/67 https://www.tp-link.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27245 – TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-27245
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-21-214 • CWE-693: Protection Mechanism Failure •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27246 – TP-Link AC1750 sync-server Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-27246
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. • https://www.zerodayinitiative.com/advisories/ZDI-21-215 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27209
https://notcve.org/view.php?id=CVE-2021-27209
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. En la interfaz de administración de los dispositivos TP-Link Archer C5v versión 1.7_181221, unas credenciales son enviadas en formato base64 por medio de HTTP de texto sin cifrar • https://gokay.org/tp-link-archer-c5v-base64-cookie • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-27210
https://notcve.org/view.php?id=CVE-2021-27210
TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. Los dispositivos TP-Link Archer C5v versión 1.7_181221, permiten a atacantes remotos recuperar credenciales de texto sin cifrar por medio de [USER_CFG#0,0,0,0,0,0 # 0,0,0,0,0,0] 0,0 al URI /cgi?1&5 • https://gokay.org/tp-links-archer-c5v-improper-authorization • CWE-312: Cleartext Storage of Sensitive Information •