CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8076
https://notcve.org/view.php?id=CVE-2017-8076
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. En TP-Link TL-SG108E 1.0, las comunicaciones de red de administración están codificadas en RC4, aunque RC4 está obsoleto. Esto afecta al firmware 1.1.2 Build 20141017 Rel.50749. • https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1000009
https://notcve.org/view.php?id=CVE-2016-1000009
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. TP-LINK pierde control de dos dominios, www.tplinklogin.net y tplinkextender.net. Tenga en cuenta que estos dominios se imprimen físicamente en muchos de los dispositivos. • http://seclists.org/bugtraq/2016/Jul/3 https://pbs.twimg.com/media/CmnQ3F0WIAAs_X0.jpg https://pbs.twimg.com/media/CmnQGI0WAAIbPHA.jpg • CWE-254: 7PK - Security Features •
CVSS: 7.8EPSS: 87%CPEs: 26EXPL: 3CVE-2015-3035 – TP-Link Multiple Archer Devices Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2015-3035
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. Vulnerabilidad de salto de directorio en TP-LINK Archer C5 (1.2) con firmware anterior a 150317, C7 (2.0) con firmware anterior a 150304, y C8 (1.0) con firmware anterior a 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), y TL-WDR4300 (1.0) con firmware anterior a 150302, TL-WR740N (5.0) y TL-WR741ND (5.0) con firmware anterior a 150312, y TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), y TL-WR841ND (10.0) con firmware anterior a 150310 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en PATH_INFO en login/. Multiple TP-LINK products suffer from a local file disclosure vulnerability. • http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html http://seclists.org/fulldisclosure/2015/Apr/26 http://www.securityfocus.com/archive/1/535240/100/0/threaded http://www.securityfocus.com/bid/74050 http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware http://www.tp-link.com/en/download/Archer-C9_V1.html&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9510
https://notcve.org/view.php?id=CVE-2014-9510
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. Vulnerabilidad de CSRF en la consola de administración en el router TP-Link TL-WR840N (V1) con firmware anterior a 3.13.27 build 141120 permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que cambian las configuraciones de routers a través de una importación de un fichero de configuraciones. • http://seclists.org/fulldisclosure/2015/Jan/14 http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001 http://www.securityfocus.com/bid/71913 http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 51%CPEs: 4EXPL: 2CVE-2014-9350 – TP-Link TL-WR740N - Denial of Service
https://notcve.org/view.php?id=CVE-2014-9350
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. TP-Link TL-WR740N 4 con firmware 3.17.0 Build 140520, 3.16.6 Build 130529, y 3.16.4 Build 130205 permite a atacantes remotos causar una denegación de servicio (caída de httpd) a través de vectores que involucran un valor 'nuevo' en el parámetro isNew en PingIframeRpm.htm. • https://www.exploit-db.com/exploits/35345 http://packetstormsecurity.com/files/129227/TP-Link-TL-WR740N-Denial-Of-Service.html http://www.exploit-db.com/exploits/35345 http://www.osvdb.org/115017 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5210.php https://exchange.xforce.ibmcloud.com/vulnerabilities/98927 • CWE-19: Data Processing Errors •