Page 6 of 30 results (0.005 seconds)

CVSS: 10.0EPSS: 26%CPEs: 4EXPL: 2

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. Se ha descubierto un problema en los dispositivos TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n y TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n. Este problema viene provocado por una gestión incorrecta de sesiones en la carpeta /cgi/ o un archivo /cgi. • http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router https://www.exploit-db.com/exploits/44781 • CWE-384: Session Fixation •

CVSS: 7.8EPSS: 87%CPEs: 26EXPL: 3

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. Vulnerabilidad de salto de directorio en TP-LINK Archer C5 (1.2) con firmware anterior a 150317, C7 (2.0) con firmware anterior a 150304, y C8 (1.0) con firmware anterior a 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), y TL-WDR4300 (1.0) con firmware anterior a 150302, TL-WR740N (5.0) y TL-WR741ND (5.0) con firmware anterior a 150312, y TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), y TL-WR841ND (10.0) con firmware anterior a 150310 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en PATH_INFO en login/. Multiple TP-LINK products suffer from a local file disclosure vulnerability. • http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html http://seclists.org/fulldisclosure/2015/Apr/26 http://www.securityfocus.com/archive/1/535240/100/0/threaded http://www.securityfocus.com/bid/74050 http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware http://www.tp-link.com/en/download/Archer-C9_V1.html&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. Vulnerabilidad de salto de directorio en el interfaz de gestión web del router TP-LINK TL-WR841N router con firmware v3.13.9 build 120201 Rel.54965n y anteriores, permite a atacantes remotos leer ficheros arbitrarios a través de un parámetro en la URL. • https://www.exploit-db.com/exploits/24504 http://www.kb.cert.org/vuls/id/185100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. Múltiples vulnerabilidades de XSS en el router TP-LINK TL-WR841N con firmware 3.13.9 Build 120201 Rel.54965n y anteriores permiten a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) username o (2) pwd en userRpm/NoipDdnsRpm.htm. TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2012/Dec/93 http://www.securityfocus.com/bid/56602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 2

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI. Una vulnerabilidad de salto de directorio en la función de administración web del Router TP-LINK TL-WR841N con firmware v3.13.9 build 120201 Rel.54965n y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el PATH_INFO a la URI help/. • https://www.exploit-db.com/exploits/24504 http://archives.neohapsis.com/archives/bugtraq/2012-10/0154.html http://packetstormsecurity.org/files/117749/TP-LINK-TL-WR841N-Local-File-Inclusion.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79662 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •