
CVSS: 8.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

10 Jan 2024 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. Affected products/versions are as follows: Archer AX30 firmware versions... • https://jvn.jp/en/vu/JVNVU91401812 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

09 Jan 2024 — TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. • http://tp-lin.com • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

28 Dec 2023 — Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. • https://github.com/SecureScripts/TP-Link_Tapo_Hack • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Dec 2023 — TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. • https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware • CWE-290: Authentication Bypass by Spoofing •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Dec 2023 — TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware • CWE-121: Stack-based Buffer Overflow •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2023 — TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://www.zerodayinitiative.com/advisories/ZDI-23-1624 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2023 — TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. • https://www.zerodayinitiative.com/advisories/ZDI-23-1623 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Nov 2023 — TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the file libcmm.so. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://www.zerodayinitiative.com/advisories/ZDI-23-1625 • CWE-121: Stack-based Buffer Overflow •

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

31 Oct 2023 — An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. • https://github.com/zn9988/publications/tree/main/1.TP-Link%20Tapo%20C100%20-%20HTTP%20Denial-Of-Service • CWE-400: Uncontrolled Resource Consumption •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

25 Oct 2023 — TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md • CWE-787: Out-of-bounds Write •