CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-21773
https://notcve.org/view.php?id=CVE-2024-21773
10 Jan 2024 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red con acceso al producto ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: Versiones de firmware Archer AX30... • https://jvn.jp/en/vu/JVNVU91401812 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50224 – TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-50224
19 Dec 2023 — TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. • https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50225 – TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50225
19 Dec 2023 — TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44447 – TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-44447
14 Nov 2023 — TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. • https://www.zerodayinitiative.com/advisories/ZDI-23-1623 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39610
https://notcve.org/view.php?id=CVE-2023-39610
31 Oct 2023 — An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. Un problema en TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) y anteriores permite a los atacantes provocar una Denegación de Servicio (DoS) mediante el suministro de una solicitud web manipulada. • https://github.com/zn9988/publications/tree/main/1.TP-Link%20Tapo%20C100%20-%20HTTP%20Denial-Of-Service • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46539
https://notcve.org/view.php?id=CVE-2023-46539
25 Oct 2023 — TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función RegisterRequestHandle. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46535
https://notcve.org/view.php?id=CVE-2023-46535
25 Oct 2023 — TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función getResetVeriRegister. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46526
https://notcve.org/view.php?id=CVE-2023-46526
25 Oct 2023 — TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función resetCloudPwdRegister. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46527
https://notcve.org/view.php?id=CVE-2023-46527
25 Oct 2023 — TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función bindRequestHandle. TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46538
https://notcve.org/view.php?id=CVE-2023-46538
25 Oct 2023 — TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función chkResetVeriRegister. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md • CWE-787: Out-of-bounds Write •