CVSS: 7.5EPSS: 4%CPEs: 8EXPL: 3CVE-2013-2572 – TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-2572
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. Se presenta una vulnerabilidad de Omisión de Seguridad en TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, y 3130 versiones 1.6.18P12, debido a credenciales predeterminadas embebidas para la interfaz web administrativa, lo que podría permitir a un usuario malicioso obtener acceso no autorizado a archivos CGI. TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities. • https://www.exploit-db.com/exploits/25812 http://www.exploit-db.com/exploits/25812 http://www.securityfocus.com/bid/60194 https://exchange.xforce.ibmcloud.com/vulnerabilities/84573 https://packetstormsecurity.com/files/cve/CVE-2013-2572 https://www.coresecurity.com/advisories/tp-link-ip-cameras-multiple-vulnerabilities • CWE-798: Use of Hard-coded Credentials •
CVSS: 10.0EPSS: 19%CPEs: 6EXPL: 2CVE-2013-2573 – TP-Link IP Cameras Firmware 1.6.18P12 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-2573
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code. Se presenta una vulnerabilidad de Inyección de Comandos en el parámetro ap del archivo /cgi-bin/mft/wireless_mft.cgi en TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. y 4171G versión 1.6.18P12s, que podría permitir a un usuario malicioso ejecutar código arbitrario. TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities. • https://www.exploit-db.com/exploits/25812 http://www.securityfocus.com/bid/60195 https://exchange.xforce.ibmcloud.com/vulnerabilities/84574 https://packetstormsecurity.com/files/cve/CVE-2013-2573 https://vuldb.com/?id.8912 https://www.coresecurity.com/advisories/tp-link-IP-cameras-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2012-6276 – TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-6276
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. Vulnerabilidad de salto de directorio en el interfaz de gestión web del router TP-LINK TL-WR841N router con firmware v3.13.9 build 120201 Rel.54965n y anteriores, permite a atacantes remotos leer ficheros arbitrarios a través de un parámetro en la URL. • https://www.exploit-db.com/exploits/24504 http://www.kb.cert.org/vuls/id/185100 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6316 – TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-6316
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. Múltiples vulnerabilidades de XSS en el router TP-LINK TL-WR841N con firmware 3.13.9 Build 120201 Rel.54965n y anteriores permiten a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) username o (2) pwd en userRpm/NoipDdnsRpm.htm. TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2012/Dec/93 http://www.securityfocus.com/bid/56602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 2CVE-2012-5687 – TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-5687
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI. Una vulnerabilidad de salto de directorio en la función de administración web del Router TP-LINK TL-WR841N con firmware v3.13.9 build 120201 Rel.54965n y anteriores permite a atacantes remotos leer archivos de su elección a través de un .. (punto punto) en el PATH_INFO a la URI help/. • https://www.exploit-db.com/exploits/24504 http://archives.neohapsis.com/archives/bugtraq/2012-10/0154.html http://packetstormsecurity.org/files/117749/TP-LINK-TL-WR841N-Local-File-Inclusion.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79662 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •