CVE-2023-27098
https://notcve.org/view.php?id=CVE-2023-27098
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. • http://tp-lin.com http://tp-link.com https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098 https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support • CWE-312: Cleartext Storage of Sensitive Information
CVE-2023-34829
https://notcve.org/view.php?id=CVE-2023-34829
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. • https://github.com/SecureScripts/TP-Link_Tapo_Hack • CWE-319: Cleartext Transmission of Sensitive Information
CVE-2023-39471 – TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-39471
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.zerodayinitiative.com/advisories/ZDI-23-1624 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-39610
https://notcve.org/view.php?id=CVE-2023-39610
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. • https://github.com/zn9988/publications/tree/main/1.TP-Link%20Tapo%20C100%20-%20HTTP%20Denial-Of-Service • CWE-400: Uncontrolled Resource Consumption
CVE-2023-46520
https://notcve.org/view.php?id=CVE-2023-46520
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 • CWE-787: Out-of-bounds Write