CVE-2024-54127 – Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50
https://notcve.org/view.php?id=CVE-2024-54127
05 Dec 2024 — This vulnerability exists in the TP-Link Archer C50 due to the presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2024-54126 – Insufficient Integrity Verification Vulnerability in TP-Link Archer C50
https://notcve.org/view.php?id=CVE-2024-54126
05 Dec 2024 — This vulnerability exists in the TP-Link Archer C50 due to an improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware, which could lead to complete compromise of the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354 • CWE-347: Improper Verification of Cryptographic Signature • CWE-494: Download of Code Without Integrity Check •
CVE-2024-53375 – TP-Link Archer Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-53375
02 Dec 2024 — Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality. • https://packetstorm.news/files/id/183288 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-53623
https://notcve.org/view.php?id=CVE-2024-53623
29 Nov 2024 — Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. • https://github.com/Crane-c/CVE_Request/blob/main/TP-Link/C7v5/TPLink_ARCHERC7v5_unauthorized_access_vulnerability_first.md • CWE-306: Missing Authentication for Critical Function •
CVE-2024-11237 – TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11237
15 Nov 2024 — A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Zephkek/TP-Thumper • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-121: Stack-based Buffer Overflow •
CVE-2024-10523 – Information Disclosure Vulnerability in TP-Link IoT Smart Hub
https://notcve.org/view.php?id=CVE-2024-10523
04 Nov 2024 — This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0331 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2024-22733
https://notcve.org/view.php?id=CVE-2024-22733
01 Nov 2024 — TP-Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters, which could lead to a denial of service by a local or remote unauthenticated attacker. • https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel • CWE-476: NULL Pointer Dereference •
CVE-2024-48710
https://notcve.org/view.php?id=CVE-2024-48710
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/1/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-48712
https://notcve.org/view.php?id=CVE-2024-48712
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/3/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-48713
https://notcve.org/view.php?id=CVE-2024-48713
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/4/read.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •