CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 1CVE-2020-24297
https://notcve.org/view.php?id=CVE-2020-24297
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 httpd en dispositivos TP-Link TL-WPA4220 (versiones 2 hasta 4) permite a usuarios autenticados remotos ejecutar comandos arbitrarios del Sistema Operativo mediante el envío de peticiones POST diseñadas al endpoint /admin/powerline. Versión corregida: TL-WPA4220 (EU) _V4_201023 • https://the-hyperbolic.com/posts/vulnerabilities-in-tlwpa4220 https://www.tp-link.com/us/support/download • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-28005
https://notcve.org/view.php?id=CVE-2020-28005
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 httpd en dispositivos TP-Link TL-WPA4220 (versiones de hardware 2 hasta 4), permite a unos usuarios autenticados remotos desencadenar un desbordamiento del búfer (causando una denegación de servicio) mediante el envío de una petición POST hacia el endpoint/admin/syslog. Versión corregida: TL-WPA4220(EU) _V4_201023 • https://the-hyperbolic.com/posts/vulnerabilities-in-tlwpa4220 https://www.tp-link.com/us/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 5CVE-2020-28347
https://notcve.org/view.php?id=CVE-2020-28347
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. tdpServer en dispositivos TP-Link Archer A7 AC1750 versiones anteriores a 201029, permite a atacantes remotos ejecutar código arbitrario mediante el parámetro slave_mac. NOTA: este problema se presenta debido a una corrección incompleta para el CVE-2020-10882 en que las citas de shell se manejan inapropiadamente • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/lao_bomb/lao_bomb.md https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/minesweeper.md https://github.com/rapid7/metasploit-framework/pull/14365 https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2019/lao_bomb.md https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2020/minesweeper.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2020-5795
https://notcve.org/view.php?id=CVE-2020-5795
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. Un Seguimiento de Enlace Simbólico (Symlink) de UNIX en TP-Link Archer A7(US)_V5_200721, ??permite a un usuario administrador autenticado, con acceso físico y acceso de red, ejecutar código arbitrario después de conectar una unidad USB diseñada al enrutador • https://www.tenable.com/security/research/tra-2020-60 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-24363 – TP-Link TL-WA855RE V5_200415 - Device Reset Auth Bypass
https://notcve.org/view.php?id=CVE-2020-24363
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. Los dispositivos TP-Link TL-WA855RE versión V5 20200415-rel37464, permiten a un atacante no autenticado (en la misma red) enviar una petición POST TDDP_RESET para un restablecimiento de fábrica y reinicio. El atacante puede entonces obtener un control de acceso incorrecto al establecer una nueva contraseña administrativa • https://www.exploit-db.com/exploits/49092 http://malwrforensics.com/en/2020/08/31/cve-2020-24363-tl-wa855re-v5-advisory https://pastebin.com/VjHM4UiA https://www.tp-link.com/us/support/download/tl-wa855re/#Firmware • CWE-306: Missing Authentication for Critical Function •