CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 1CVE-2023-43137
https://notcve.org/view.php?id=CVE-2023-43137
20 Sep 2023 — TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n tiene una vulnerabilidad de inyección de comandos, cuando un atacante agrega reglas ACL después de la autenticación y el parámetro de nombre de regla tiene puntos de inyección. • https://github.com/7R4C4R/CVE/blob/main/TPLINK-TL-ER5120G/command%20injection/01/command%20injection01.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-36489
https://notcve.org/view.php?id=CVE-2023-36489
06 Sep 2023 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/version... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31188
https://notcve.org/view.php?id=CVE-2023-31188
06 Sep 2023 — Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. Múltiples productos TP-LINK permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32619
https://notcve.org/view.php?id=CVE-2023-32619
06 Sep 2023 — Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. Las versiones de firmware de Archer C50 anteriores a 'Archer C50(JP)_V3_230505' y las versiones de firmware de Archer C55 anteriores a 'Archer C55(JP)_V1_230506' utilizan credenciales codificadas para iniciar sesión en el ... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37284
https://notcve.org/view.php?id=CVE-2023-37284
06 Sep 2023 — Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. Una vulnerabilidad de autenticación incorrecta en las versiones de firmware de Archer C20 anteriores a 'Archer C20(JP)_V1_230616' permite a un atacante no autenticado adyacente a la red ejecutar un comando arbitrario del sistema operativo a través de una solicitud manipul... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-38563
https://notcve.org/view.php?id=CVE-2023-38563
06 Sep 2023 — Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer C1200 anteriores a 'Archer C1200(JP)_V2_230508' y las versiones de firmware de Archer C9 anteriores a 'Archer C9(JP)_V3_230508' permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38568
https://notcve.org/view.php?id=CVE-2023-38568
06 Sep 2023 — Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer A10 anteriores a 'Archer A10(JP)_V2_230504' permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38588
https://notcve.org/view.php?id=CVE-2023-38588
06 Sep 2023 — Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer C3150 anteriores a 'Archer C3150(JP)_V2_230511' permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39224
https://notcve.org/view.php?id=CVE-2023-39224
06 Sep 2023 — Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. Todas las versiones del firmware Archer C5 y las versiones del firmware Archer C7 anteriores a 'Archer C7(JP)_V2_230602' permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Ten... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39935
https://notcve.org/view.php?id=CVE-2023-39935
06 Sep 2023 — Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. Las versiones de firmware de Archer C5400 anteriores a 'Archer C5400(JP)_V2_230506' permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •