CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2020-28877
https://notcve.org/view.php?id=CVE-2020-28877
Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. Un desbordamiento del búfer en la función copy_msg_element para el servidor devDiscoverHandle en las series TP-Link WR y WDR, incluyendo WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N • https://exchange.xforce.ibmcloud.com/vulnerabilities/192112 https://github.com/peanuts62/TP-Link-poc • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 1CVE-2020-24297
https://notcve.org/view.php?id=CVE-2020-24297
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 httpd en dispositivos TP-Link TL-WPA4220 (versiones 2 hasta 4) permite a usuarios autenticados remotos ejecutar comandos arbitrarios del Sistema Operativo mediante el envío de peticiones POST diseñadas al endpoint /admin/powerline. Versión corregida: TL-WPA4220 (EU) _V4_201023 • https://the-hyperbolic.com/posts/vulnerabilities-in-tlwpa4220 https://www.tp-link.com/us/support/download • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-28005
https://notcve.org/view.php?id=CVE-2020-28005
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 httpd en dispositivos TP-Link TL-WPA4220 (versiones de hardware 2 hasta 4), permite a unos usuarios autenticados remotos desencadenar un desbordamiento del búfer (causando una denegación de servicio) mediante el envío de una petición POST hacia el endpoint/admin/syslog. Versión corregida: TL-WPA4220(EU) _V4_201023 • https://the-hyperbolic.com/posts/vulnerabilities-in-tlwpa4220 https://www.tp-link.com/us/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 5%CPEs: 2EXPL: 5CVE-2020-28347
https://notcve.org/view.php?id=CVE-2020-28347
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. tdpServer en dispositivos TP-Link Archer A7 AC1750 versiones anteriores a 201029, permite a atacantes remotos ejecutar código arbitrario mediante el parámetro slave_mac. NOTA: este problema se presenta debido a una corrección incompleta para el CVE-2020-10882 en que las citas de shell se manejan inapropiadamente • https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/lao_bomb/lao_bomb.md https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2020/minesweeper.md https://github.com/rapid7/metasploit-framework/pull/14365 https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2019/lao_bomb.md https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Tokyo2020/minesweeper.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2020-5795
https://notcve.org/view.php?id=CVE-2020-5795
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. Un Seguimiento de Enlace Simbólico (Symlink) de UNIX en TP-Link Archer A7(US)_V5_200721, ??permite a un usuario administrador autenticado, con acceso físico y acceso de red, ejecutar código arbitrario después de conectar una unidad USB diseñada al enrutador • https://www.tenable.com/security/research/tra-2020-60 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •