CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 3CVE-2018-18428 – TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
https://notcve.org/view.php?id=CVE-2018-18428
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. Los dispositivos TP-Link TL-SC3130 1.6.18P12_121101 permiten el acceso no autenticado al flujo RTSP, tal y como queda demostrado con un URI /jpg/image.jpg. TP-Link TL-SC3130 version 1.6.18 suffers from an unauthenticated and unauthorized live RTSP stream disclosure. • https://www.exploit-db.com/exploits/45632 https://packetstormsecurity.com/files/149843 https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15700
https://notcve.org/view.php?id=CVE-2018-15700
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. La interfaz web en TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 es vulnerable a una denegación de servicio (DoS) cuando un usuario LAN autenticado envía una cabecera HTTP que contiene un campo Referer inesperado. • https://www.tenable.com/security/research/tra-2018-27 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15702
https://notcve.org/view.php?id=CVE-2018-15702
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. La interfaz web en TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 es vulnerable a Cross-Site Request Forgery (CSRF) debido a una validación insuficiente del campo referer. • https://www.tenable.com/security/research/tra-2018-27 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-15701
https://notcve.org/view.php?id=CVE-2018-15701
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. La interfaz web en TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 es vulnerable a una denegación de servicio (DoS) cuando un usuario LAN autenticado envía una cabecera HTTP que contiene un campo Cookie inesperado. • https://www.tenable.com/security/research/tra-2018-27 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5393 – TP-Link EAP Controller versions 2.5.3 and earlier lack RMI authentication
https://notcve.org/view.php?id=CVE-2018-5393
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. • http://www.securityfocus.com/bid/105402 https://www.kb.cert.org/vuls/id/581311 • CWE-306: Missing Authentication for Critical Function •