CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46539
https://notcve.org/view.php?id=CVE-2023-46539
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. Se descubrió que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a través de la función RegisterRequestHandle. • https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46371
https://notcve.org/view.php?id=CVE-2023-46371
TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. El dispositivo TP-Link TL-WDR7660 2.0.30 tiene una vulnerabilidad de desbordamiento de pila a través de la función UpgradeInfoJsonToBin. TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. • https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/2.md https://github.com/Jianchun-Ding/CVE-poc-update • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-46373
https://notcve.org/view.php?id=CVE-2023-46373
TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. TP-Link TL-WDR7660 2.0.30 tiene una vulnerabilidad de desbordamiento de pila a través de la función deviceInfoJsonToBincauses. • https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/3.md • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2023-42189
https://notcve.org/view.php?id=CVE-2023-42189
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. Vulnerabilidad de permisos inseguros en Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030 y yeelight smart lamp v.1.12.69 permite que un atacante remoto provoque una denegación de servicio mediante un script manipulado para la función KeySetRemove. • https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf https://github.com/project-chip/connectedhomeip/issues/28518 https://github.com/project-chip/connectedhomeip/issues/28679 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-38907
https://notcve.org/view.php?id=CVE-2023-38907
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. Un problema en TPLink Smart bulb TPLink Tapo series L530 v.1.0.0 y Tapo Application v.2.8.14 permite a un atacante remoto obtener información sensible a través de la clave de sesión en la función de mensaje. • https://arxiv.org/abs/2308.09019 https://www.dmi.unict.it/giamp/smartbulbscanbehackedtohackintoyourhousehold https://www.scitepress.org/Papers/2023/120929/120929.pdf https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1 •