CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2019-6487
https://notcve.org/view.php?id=CVE-2019-6487
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field. Los dispositivos TP-Link WDR Series hasta la versión de firmware v3 (como TL-WDR5620 V3.0) se ven afectados por una inyección de comandos (después de iniciar sesión), conduciendo a la ejecución remota de código debido a que se pueden incluir metacaracteres shell en el campo weather" en "get_weather_observe citycode". • https://github.com/0xcc-Since2016/TP-Link-WDR-Router-Command-injection_POC/blob/master/poc.py • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 87%CPEs: 26EXPL: 3CVE-2015-3035 – TP-Link Multiple Archer Devices Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2015-3035
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. Vulnerabilidad de salto de directorio en TP-LINK Archer C5 (1.2) con firmware anterior a 150317, C7 (2.0) con firmware anterior a 150304, y C8 (1.0) con firmware anterior a 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), y TL-WDR4300 (1.0) con firmware anterior a 150302, TL-WR740N (5.0) y TL-WR741ND (5.0) con firmware anterior a 150312, y TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), y TL-WR841ND (10.0) con firmware anterior a 150310 permite a atacantes remotos leer ficheros arbitrarios a través de un .. (punto punto) en PATH_INFO en login/. Multiple TP-LINK products suffer from a local file disclosure vulnerability. • http://packetstormsecurity.com/files/131378/TP-LINK-Local-File-Disclosure.html http://seclists.org/fulldisclosure/2015/Apr/26 http://www.securityfocus.com/archive/1/535240/100/0/threaded http://www.securityfocus.com/bid/74050 http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware http://www.tp-link.com/en/download/Archer-C7_V2.html#Firmware http://www.tp-link.com/en/download/Archer-C8_V1.html#Firmware http://www.tp-link.com/en/download/Archer-C9_V1.html&# • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •