CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-12574 – TP-Link TL-WR841N V13 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-12574
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. Existe CSRF para todas las acciones en la interfaz web en dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n. TP-Link TL-WR841N v13 suffers from cross site request forgery vulnerabilities. • https://software-talk.org/blog/2018/06/tplink-wr841n-csrf-cve-2018-12574 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 26%CPEs: 4EXPL: 2CVE-2018-11714
https://notcve.org/view.php?id=CVE-2018-11714
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. Se ha descubierto un problema en los dispositivos TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n y TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n. Este problema viene provocado por una gestión incorrecta de sesiones en la carpeta /cgi/ o un archivo /cgi. • http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router https://www.exploit-db.com/exploits/44781 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-9466
https://notcve.org/view.php?id=CVE-2017-9466
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces. El httpd ejecutable en el router TP-Link WR841N V8, en versiones anteriores a la TL-WR841N(UN)_V8_170210, contiene un fallo de diseño en el uso de DES para el cifrado en bloque. Esto resultó en un control de acceso incorrecto, lo que permitía que atacantes obtuviesen acceso de lectura-escritura a las opciones del sistema mediante el servicio de configuración del router protegido tddp mediante las interfaces LAN y Ath0 (Wi-Fi). • http://blog.senr.io/blog/cve-2017-9466-why-is-my-router-blinking-morse-code • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 87%CPEs: 26EXPL: 3CVE-2015-3035 – TP-Link Multiple Archer Devices Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2015-3035
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. Vulnerabilidad de salto de directorio en TP-LINK Archer C5 (1.2) con firmware anterior a 150317, C7 (2.0) con firmware anterior a 150304, y C8 (1.0) con firmware anterior a 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), y TL-WDR4300 (1.0) con firmware anterior a 150302, TL-WR740N (5.0) y TL-WR741ND (5.0) con firmware anterior a 150312, y TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), y TL-WR841ND (10.0) con firmware anterior a 150310 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en PATH_INFO en login/. Multiple TP-LINK products suffer from a local file disclosure vulnerability. • http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html http://seclists.org/fulldisclosure/2015/Apr/26 http://www.securityfocus.com/archive/1/535240/100/0/threaded http://www.securityfocus.com/bid/74050 http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware http://www.tp-link.com/en/download/Archer-C9_V1.html&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2012-6276 – TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-6276
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. Vulnerabilidad de salto de directorio en el interfaz de gestión web del router TP-LINK TL-WR841N router con firmware v3.13.9 build 120201 Rel.54965n y anteriores, permite a atacantes remotos leer ficheros arbitrarios a través de un parámetro en la URL. • https://www.exploit-db.com/exploits/24504 http://www.kb.cert.org/vuls/id/185100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •