CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-31340
https://notcve.org/view.php?id=CVE-2024-31340
TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. Las versiones de TP-Link Tether anteriores a 4.5.13 y las versiones de TP-Link Tapo anteriores a 3.3.6 no validan correctamente los certificados, lo que puede permitir que un atacante remoto no autenticado escuche a escondidas una comunicación cifrada a través de un ataque de intermediario. • https://jvn.jp/en/jp/JVN29471697 https://play.google.com/store/apps/details?id=com.tplink.iot https://play.google.com/store/apps/details?id=com.tplink.tether •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-43318 – TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-43318
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 permite a los atacantes escalar privilegios mediante la modificación de los valores 'tid' y 'usrlvl' en las solicitudes GET. TP-Link JetStream Smart Switch TL-SG2210P version 5.0 build 20211201 suffers from a privilege escalation vulnerability. • https://github.com/str2ver/CVE-2023-43318 https://github.com/str2ver/CVE-2023-43318/tree/main https://seclists.org/fulldisclosure/2024/Mar/9 • CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 2CVE-2023-43482
https://notcve.org/view.php?id=CVE-2023-43482
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de ejecución de comandos en la funcionalidad de recursos invitados de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede provocar la ejecución de un comando arbitrario. • https://github.com/Mr-xn/CVE-2023-43482 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36498
https://notcve.org/view.php?id=CVE-2023-36498
A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. Existe una vulnerabilidad de inyección de comando posterior a la autenticación en la funcionalidad del cliente PPTP de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyección de comandos arbitrarios. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47209
https://notcve.org/view.php?id=CVE-2023-47209
A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de inyección de comando posterior a la autenticación en la funcionalidad de política ipsec de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyección de comandos arbitrarios. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1854 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •