CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6316 – TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-6316
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. Múltiples vulnerabilidades de XSS en el router TP-LINK TL-WR841N con firmware 3.13.9 Build 120201 Rel.54965n y anteriores permiten a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) username o (2) pwd en userRpm/NoipDdnsRpm.htm. TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2012/Dec/93 http://www.securityfocus.com/bid/56602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 2CVE-2012-5687 – TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-5687
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI. Una vulnerabilidad de salto de directorio en la función de administración web del Router TP-LINK TL-WR841N con firmware v3.13.9 build 120201 Rel.54965n y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el PATH_INFO a la URI help/. • https://www.exploit-db.com/exploits/24504 http://archives.neohapsis.com/archives/bugtraq/2012-10/0154.html http://packetstormsecurity.org/files/117749/TP-LINK-TL-WR841N-Local-File-Inclusion.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79662 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •