CVE-2023-31188
https://notcve.org/view.php?id=CVE-2023-31188
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. Múltiples productos TP-LINK permiten que un atacante autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: versiones de firmware de Archer C50 anteriores a 'Archer C50(JP)_V3_230505', versiones de firmware de Archer C55 anteriores a 'Archer C55(JP)_V1_230506' y versiones de firmware de Archer C20 anteriores a 'Archer C20(JP) )_V1_230616'. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware https://www.tp-link.com/jp/support/download/archer-c55/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-32619
https://notcve.org/view.php?id=CVE-2023-32619
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. Las versiones de firmware de Archer C50 anteriores a 'Archer C50(JP)_V3_230505' y las versiones de firmware de Archer C55 anteriores a 'Archer C55(JP)_V1_230506' utilizan credenciales codificadas para iniciar sesión en el dispositivo afectado, lo que puede permitir que un atacante no autenticado adyacente a la red para ejecutar un comando arbitrario del sistema operativo. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware https://www.tp-link.com/jp/support/download/archer-c55/#Firmware • CWE-798: Use of Hard-coded Credentials •
CVE-2023-30383
https://notcve.org/view.php?id=CVE-2023-30383
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. • http://tplink.com https://gist.github.com/a2ure123/a4eda2813d85d8b414bb87e855ab4bf8 https://www.tp-link.com/us/support/download/archer-c2/v1/#Firmware https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware https://www.tp-link.com/us/support/download/archer-c50/v2/#Firmware%29%2CTPLINK • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-0936 – TP-Link Archer C50 Web Management Interface denial of service
https://notcve.org/view.php?id=CVE-2023-0936
A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. • https://vuldb.com/?ctiid.221552 https://vuldb.com/?id.221552 • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-33087
https://notcve.org/view.php?id=CVE-2022-33087
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Un desbordamiento de pila en la función DM_ In fillobjbystr() de TP-Link Archer versión C50&A5(US)_V5_200407, permite a atacantes causar una Denegación de Servicio (DoS) por medio de una petición HTTP diseñada • https://github.com/cilan2/iot/blob/main/4.md • CWE-787: Out-of-bounds Write •