CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2645 – TP-Link TL-WR1043N Router - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-2645
06 Oct 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRp... • https://www.exploit-db.com/exploits/38492 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6316
https://notcve.org/view.php?id=CVE-2012-6316
30 Sep 2014 — Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. Múltiples vulnerabilidades de XSS en el router TP-LINK TL-WR841N con firmware 3.13.9 Build 120201 Rel.54965n y anteriores permiten a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro... • http://seclists.org/fulldisclosure/2012/Dec/93 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3CVE-2014-4728 – TP-LINK WDR4300 XSS / Denial of Service
https://notcve.org/view.php?id=CVE-2014-4728
22 Sep 2014 — The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. El servidor web en el router TP-LINK N750 Wireless Dual Band Gigabit (TL-WDR4300) con firmware anterior a 140916 permite a atacantes remotos causar una denegación de servicio (caída) a través de una cabecera larga en una solicitud GET. TP-LINK WDR4300 suffers from cross site scripting and denial of servi... • https://packetstorm.news/files/id/128343 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2014-4727 – TP-LINK WDR4300 XSS / Denial of Service
https://notcve.org/view.php?id=CVE-2014-4727
22 Sep 2014 — Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. Vulnerabilidad de XSS en la página de clientes DHCP en el router TP-LINK N750 Wireless Dual Band Gigabit (TL-WDR4300) con firmware anterior a 140916 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre ... • https://packetstorm.news/files/id/128343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 2CVE-2013-6786
https://notcve.org/view.php?id=CVE-2013-6786
16 Jan 2014 — Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sou... • http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 3CVE-2013-2580 – TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-2580
31 Jul 2013 — Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory. Vulnerabilidad de subida de ficheros sin restricción en cgi-bin/uploadfile de TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, y posiblemente otros modelos anteriores al fi... • https://packetstorm.news/files/id/122616 •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 3CVE-2013-2579 – TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-2579
31 Jul 2013 — TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session. Las cámaras IP TP-Link TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, y posiblemente otros modelos anteriores al firmware beta LM.1.6.18P12_sign6 tienen una contraseña vacía para la cuenta incrustada en el código "qmik", lo que permite a ata... • https://packetstorm.news/files/id/122616 • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 3CVE-2013-2581 – TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-2581
31 Jul 2013 — cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action. cgi-bin/firmwareupgrade en cámaras IP TP-Link TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G y posiblemente en otros modelos anteriores al firmware beta LM.1.6.18P12_sign6 permite a atacantes remotos modificar la revisión del firmware a través de una acción "preset". Core Secu... • https://packetstorm.news/files/id/122616 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 3CVE-2013-2578 – TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-2578
31 Jul 2013 — cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. cgi-bin/admin/servetest en cámaras IP TP-Link TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G y posiblemente otros modelos anteriores al firmware beta LM.1.6.18P12_sign6 permite a atacantes remotos ejecutar c... • https://packetstorm.news/files/id/122616 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2CVE-2013-3688 – TP-LINK TL-SC3171 Authentication Bypass
https://notcve.org/view.php?id=CVE-2013-3688
13 Jun 2013 — The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault. Las cámaras IP TP-Link TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, y posibl... • https://packetstorm.news/files/id/122007 • CWE-264: Permissions, Privileges, and Access Controls •