CVE-2018-15172 – TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-15172
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. Los dispositivos TP-Link WR840N tienen un desbordamiento de búfer mediante una cabecera HTTP Authorization grande.. TP-Link Wireless N Router WR840N suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/45203 https://hackingvila.wordpress.com/2018/08/08/tp-link-buffer-overflow-via-a-long-authorization-http-header-cve-2018-15172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-14336 – TP-Link TL-WR840N - Denial of Service
https://notcve.org/view.php?id=CVE-2018-14336
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. Los dispositivos TP-Link WR840N permiten que atacantes remotos provoquen una denegación de servicio (pérdida de conectividad) mediante una serie de paquetes con direcciones MAC aleatorias. • https://www.exploit-db.com/exploits/45064 https://hackingvila.wordpress.com/2018/07/17/cve-2018-14336-tp-link-wireless-n-router-wr840n-vulnerability • CWE-20: Improper Input Validation •
CVE-2018-13134 – TP-Link wireless router Archer C1200 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-13134
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. Los dispositivos TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU tienen Cross-Site Scripting (XSS) mediante PATH_INFO en el URI /webpages/data. TP-Link Archer C1200 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45970 https://www.xc0re.net/2018/05/25/tp-link-wireless-router-archer-c1200-cross-site-scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-12576
https://notcve.org/view.php?id=CVE-2018-12576
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. Los dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n permiten el secuestro de clicks. • https://software-talk.org/blog/2018/04/tplink-wr841n-clickjacking-https • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2018-12575 – TP-Link TL-WR841N V13 Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2018-12575
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. En dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n, todas las acciones en la interfaz web se han visto afectadas por una omisión de autenticación mediante una petición HTTP. TP-Link TL-WR841N v13 suffers from an authentication bypass vulnerability via an insecure direct object reference vulnerability. • https://software-talk.org/blog/2018/06/tplink-wr841n-broken-auth-cve-2018-12575 • CWE-287: Improper Authentication •