CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2646
https://notcve.org/view.php?id=CVE-2013-2646
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. Los dispositivos TP-LINK TL-WR1043ND versión V1_120405, contienen una vulnerabilidad de denegación de servicio no especificada. • https://www.securityfocus.com/bid/59472 •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 2CVE-2019-16893 – TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot
https://notcve.org/view.php?id=CVE-2019-16893
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. La Web Management de dispositivos TP-Link TP-SG105E versión V4 1.0.0 Build 20181120, permite a un atacante no autenticado reiniciar el dispositivo mediante una petición del archivo reboot.cgi. • https://www.exploit-db.com/exploits/47958 https://exploit-db.com/exploits/47958 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2019-19143 – TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)
https://notcve.org/view.php?id=CVE-2019-19143
TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI. Los dispositivos TP-LINK TL-WR849N versión 0.9.1 4.16, no requieren autenticación para reemplazar el firmware por medio de una petición POST en el URI cgi/softup. TP-Link TL-WR849N version 0.9.1 4.16 suffers from a firmware upload authentication bypass vulnerability. • https://www.exploit-db.com/exploits/48152 http://packetstormsecurity.com/files/156586/TP-Link-TL-WR849N-0.9.1-4.16-Authentication-Bypass.html https://fireshellsecurity.team/hack-n-routers • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 0CVE-2019-17147 – TP-LINK TL-WR841N Web Service http_parser_main Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-17147
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. • https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware https://www.zerodayinitiative.com/advisories/ZDI-19-992 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4654
https://notcve.org/view.php?id=CVE-2013-4654
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. Una vulnerabilidad de Salto de Enlace Simbólico en TP-LINK TL-WDR4300 y TL-1043ND. • https://www.ise.io/casestudies/exploiting-soho-routers https://www.ise.io/soho_service_hacks https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •