CVE-2018-17011
https://notcve.org/view.php?id=CVE-2018-17011
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. Se ha descubierto un problema en dispositivos TP-Link TL-WR886N 6.0 2.3.4 y TL-WR886N 7.0 1.1.0. Los atacantes autenticados pueden provocar el cierre inesperado de los servicios del router (p.ej., inetd, HTTP, DNS y UPnP) mediante datos JSON largos para hosts_info para sun. • https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_07/README.md •
CVE-2018-15172 – TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2018-15172
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. Los dispositivos TP-Link WR840N tienen un desbordamiento de búfer mediante una cabecera HTTP Authorization grande.. TP-Link Wireless N Router WR840N suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/45203 https://hackingvila.wordpress.com/2018/08/08/tp-link-buffer-overflow-via-a-long-authorization-http-header-cve-2018-15172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-14336 – TP-Link TL-WR840N - Denial of Service
https://notcve.org/view.php?id=CVE-2018-14336
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. Los dispositivos TP-Link WR840N permiten que atacantes remotos provoquen una denegación de servicio (pérdida de conectividad) mediante una serie de paquetes con direcciones MAC aleatorias. • https://www.exploit-db.com/exploits/45064 https://hackingvila.wordpress.com/2018/07/17/cve-2018-14336-tp-link-wireless-n-router-wr840n-vulnerability • CWE-20: Improper Input Validation •
CVE-2018-13134 – TP-Link wireless router Archer C1200 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-13134
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. Los dispositivos TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU tienen Cross-Site Scripting (XSS) mediante PATH_INFO en el URI /webpages/data. TP-Link Archer C1200 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/45970 https://www.xc0re.net/2018/05/25/tp-link-wireless-router-archer-c1200-cross-site-scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-12576
https://notcve.org/view.php?id=CVE-2018-12576
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. Los dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n permiten el secuestro de clicks. • https://software-talk.org/blog/2018/04/tplink-wr841n-clickjacking-https • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •