CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54127 – Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50
https://notcve.org/view.php?id=CVE-2024-54127
05 Dec 2024 — This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54126 – Insufficient Integrity Verification Vulnerability in TP-Link Archer C50
https://notcve.org/view.php?id=CVE-2024-54126
05 Dec 2024 — This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354 • CWE-347: Improper Verification of Cryptographic Signature CWE-494: Download of Code Without Integrity Check •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31188
https://notcve.org/view.php?id=CVE-2023-31188
06 Sep 2023 — Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. Múltiples productos TP-LINK permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32619
https://notcve.org/view.php?id=CVE-2023-32619
06 Sep 2023 — Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. Las versiones de firmware de Archer C50 anteriores a 'Archer C50(JP)_V3_230505' y las versiones de firmware de Archer C55 anteriores a 'Archer C55(JP)_V1_230506' utilizan credenciales codificadas para iniciar sesión en el ... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-30383
https://notcve.org/view.php?id=CVE-2023-30383
18 Jul 2023 — TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. • http://tplink.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-0936 – TP-Link Archer C50 Web Management Interface denial of service
https://notcve.org/view.php?id=CVE-2023-0936
21 Feb 2023 — A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. • https://vuldb.com/?ctiid.221552 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-33087
https://notcve.org/view.php?id=CVE-2022-33087
30 Jun 2022 — A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Un desbordamiento de pila en la función DM_ In fillobjbystr() de TP-Link Archer versión C50&A5(US)_V5_200407, permite a atacantes causar una Denegación de Servicio (DoS) por medio de una petición HTTP diseñada • https://github.com/cilan2/iot/blob/main/4.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 4%CPEs: 220EXPL: 3CVE-2020-12695 – hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
https://notcve.org/view.php?id=CVE-2020-12695
08 Jun 2020 — The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. La especificación UPnP de Open Connectivity Foundation antes del 17-04-2020 no prohíbe la aceptación de una petición de suscripción con una URL de entrega en un segmento de red diferente a la URL de suscripción de evento totalmente calificada, también se co... • https://packetstorm.news/files/id/158051 • CWE-276: Incorrect Default Permissions CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 24%CPEs: 4EXPL: 5CVE-2020-9375 – TP-Link Archer C50 3 - Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2020-9375
25 Mar 2020 — TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. Dispositivos TP-Link Archer C50 versiones V3 anteriores a Build 200318 Rel. 62209, permite a atacantes remotos causar una denegación de servicio por medio de un Encabezado HTTP diseñado que contiene un campo Referer inesperado. TP-Link Archer C50 V3 devices before build 200318 release 62209 allow remote attackers to cause a denial... • https://packetstorm.news/files/id/156928 • CWE-772: Missing Release of Resource after Effective Lifetime •