CVSS: 9.0EPSS: 0%CPEs: 110EXPL: 1CVE-2017-16958
https://notcve.org/view.php?id=CVE-2017-16958
27 Nov 2017 — TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. Los dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permiten que usuarios autenticados remotos ejecuten comandos arbitrarios mediante metacaracteres shell en el campo t_bindif de un comando admin/bridge en cg... • https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkBridgeAuthenticatedRCE.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 2%CPEs: 110EXPL: 1CVE-2017-16959
https://notcve.org/view.php?id=CVE-2017-16959
27 Nov 2017 — The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd. La característica locale en cgi-bin/luci en dispositivos TP-Link TL-WVR, TL-WAR, TL-ER y TL-R permite que... • https://github.com/coincoin7/Wireless-Router-Vulnerability/blob/master/TplinkLocalePathDisclosure.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 66%CPEs: 2EXPL: 4CVE-2017-13772 – TP-Link WDR4300 - Remote Code Execution (Authenticated)
https://notcve.org/view.php?id=CVE-2017-13772
21 Oct 2017 — Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm. Múltiples desbordamientos de búfer basados en pila en routers WiFi TP-Link WR940N con la versión 4 de hardware permiten que usuarios autenticados remotos ejecuten código arbitrario mediante (1) el parámetro ping_addr en PingIframeRpm.htm o (2) el... • https://packetstorm.news/files/id/158999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2017-15291 – TP-Link TL-MR3220 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15291
20 Oct 2017 — Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field. Vulnerabilidad de Cross-Site Scripting (XSS) en la página Wireless MAC Filtering en los routers inalámbricos TP-LINK TL-MR3220 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo Description. • https://www.exploit-db.com/exploits/43023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-11519
https://notcve.org/view.php?id=CVE-2017-11519
21 Jul 2017 — passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. El archivo passwd_recovery.lua en TP-Link Archer versión C9 (UN) _V2_160517, permite a un atacante restablecer la contraseña de administrador al aprovechar un seed generador de números aleatorios predecible. Esto se soluciona en versión C9 (UN) _V2_170511. • https://github.com/vakzz/tplink-CVE-2017-11519 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10796
https://notcve.org/view.php?id=CVE-2017-10796
02 Jul 2017 — On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. En los dispositivos NC250 con firmware hasta la versión 1.2.1 build 170515 de TP-Link, cualquier persona puede visualizar vídeo y audio sin identificación por medio de una URL rtsp://admin@yourip:554/h264_hd.sdp. • https://gist.github.com/elbauldelgeek/8f0f24c582f43f51a34b34420a385d75 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-9466
https://notcve.org/view.php?id=CVE-2017-9466
26 Jun 2017 — The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces. El httpd ejecutable en el router TP-Link WR841N V8, en versiones anteriores a la TL-WR841N(UN)_V8_170210, contiene un fallo de diseño en el uso de DES para... • http://blog.senr.io/blog/cve-2017-9466-why-is-my-router-blinking-morse-code • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2017-8219
https://notcve.org/view.php?id=CVE-2017-8219
25 Apr 2017 — TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. Los dispositivos TP-Link C2 y C20i a través del firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n permiten hacer DoSing vía servidor HTTP a través de una Cookie de cabecera para /cgi /ansi URI. • https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2017-8218
https://notcve.org/view.php?id=CVE-2017-8218
25 Apr 2017 — vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. Vsftpd en los dispositivos TP-Link C2 y C20i a través del firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n tiene una cuenta de administrador de puerta trasera con la contraseña 1234, una cuenta de invitado de puerta trasera con la contraseña de invitado y un... • https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2017-8217
https://notcve.org/view.php?id=CVE-2017-8217
25 Apr 2017 — TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. Los dispositivos TP-Link C2 y C20i a través del firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n tienen reglas iptables demasiado permisivas, por ejemplo, SNMP no está bloqueado en ninguna interfaz. • https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html • CWE-862: Missing Authorization •