CVE-2023-46538
https://notcve.org/view.php?id=CVE-2023-46538
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función chkResetVeriRegister. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 • CWE-787: Out-of-bounds Write •
CVE-2023-46539
https://notcve.org/view.php?id=CVE-2023-46539
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función RegisterRequestHandle. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 • CWE-787: Out-of-bounds Write •
CVE-2023-46371
https://notcve.org/view.php?id=CVE-2023-46371
TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. El dispositivo TP-Link TL-WDR7660 2.0.30 tiene una vulnerabilidad de desbordamiento de pila a través de la función UpgradeInfoJsonToBin. TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. • https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/2.md https://github.com/Jianchun-Ding/CVE-poc-update • CWE-787: Out-of-bounds Write •
CVE-2023-46373
https://notcve.org/view.php?id=CVE-2023-46373
TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. TP-Link TL-WDR7660 2.0.30 tiene una vulnerabilidad de desbordamiento de pila a través de la función deviceInfoJsonToBincauses. • https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/3.md • CWE-787: Out-of-bounds Write •
CVE-2023-42189
https://notcve.org/view.php?id=CVE-2023-42189
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. Vulnerabilidad de permisos inseguros en Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030 y yeelight smart lamp v.1.12.69 permite que un atacante remoto provoque una denegación de servicio mediante un script manipulado para la función KeySetRemove. • https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf https://github.com/project-chip/connectedhomeip/issues/28518 https://github.com/project-chip/connectedhomeip/issues/28679 • CWE-732: Incorrect Permission Assignment for Critical Resource •