CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-36489
https://notcve.org/view.php?id=CVE-2023-36489
06 Sep 2023 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/version... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2021-4144
https://notcve.org/view.php?id=CVE-2021-4144
23 Dec 2021 — TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. El router wifi TL-WR802N V4(JP) de TP-Link, con versión de firmware anterior a 211202, es vulnerable a una inyección de comandos del Sistema Operativo • https://jvn.jp/en/vu/JVNVU94883311 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 11%CPEs: 2EXPL: 1CVE-2021-29302
https://notcve.org/view.php?id=CVE-2021-29302
12 Apr 2021 — TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. TP-Link TL-WR802N (EE. UU.), Archer_C50v5_US v4_200 versiones 2020.06 incluyéndola, contiene una vulnerabilidad de desbordamiento de búfer en el proceso httpd en el cuerpo del mensaje. El vector de ataque es: el atacante puede... • https://github.com/liyansong2018/CVE/tree/main/2021/CVE-2021-29302 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 4CVE-2021-3275 – TP-Link Cross Site Scripting
https://notcve.org/view.php?id=CVE-2021-3275
26 Mar 2021 — Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. Se p... • https://packetstorm.news/files/id/161989 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •