
CVSS: 9.9 • EPSS: 0% • CPEs: 4 • EXPL: 1

25 Apr 2017 — TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. • https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

23 Apr 2017 — On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. • http://www.securityfocus.com/bid/97981 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

23 Apr 2017 — On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. • http://www.securityfocus.com/bid/97983 • CWE-532: Insertion of Sensitive Information into Log File

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

23 Apr 2017 — On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. • https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link • CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

23 Apr 2017 — On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. • https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link • CWE-326: Inadequate Encryption Strength

CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

23 Apr 2017 — On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. • http://www.securityfocus.com/bid/97985 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Oct 2016 — TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. • http://seclists.org/bugtraq/2016/Jul/3 • CWE-254: 7PK - Security Features

CVSS: 7.8 • EPSS: 94% • CPEs: 26 • EXPL: 5

10 Apr 2015 — Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot)... • https://packetstorm.news/files/id/180649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Jan 2015 — Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. • http://seclists.org/fulldisclosure/2015/Jan/14 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 57% • CPEs: 4 • EXPL: 2

08 Dec 2014 — TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. • https://www.exploit-db.com/exploits/35345 • CWE-19: Data Processing Errors