CVE-2020-35576 – TP-Link TL-WR841N - Command Injection
https://notcve.org/view.php?id=CVE-2020-35576
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. Un problema de Inyección de Comando en la funcionalidad traceroute en TP-Link TL-WR841N V13 (JP) con versiones de firmware anteriores a 201216, permite a usuarios autenticados ejecutar código arbitrario como root por medio de metacaracteres de shell, una vulnerabilidad diferente a CVE-2018-12577 • https://www.exploit-db.com/exploits/50058 https://jvn.jp/en/vu/JVNVU92444096 https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#Firmware https://www.tp-link.com/us/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-12576
https://notcve.org/view.php?id=CVE-2018-12576
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. Los dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n permiten el secuestro de clicks. • https://software-talk.org/blog/2018/04/tplink-wr841n-clickjacking-https • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2018-12575 – TP-Link TL-WR841N V13 Insecure Direct Object Reference
https://notcve.org/view.php?id=CVE-2018-12575
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. En dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n, todas las acciones en la interfaz web se han visto afectadas por una omisión de autenticación mediante una petición HTTP. TP-Link TL-WR841N v13 suffers from an authentication bypass vulnerability via an insecure direct object reference vulnerability. • https://software-talk.org/blog/2018/06/tplink-wr841n-broken-auth-cve-2018-12575 • CWE-287: Improper Authentication •
CVE-2018-12577 – TP-Link TL-WR841N V13 Command Injection
https://notcve.org/view.php?id=CVE-2018-12577
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. Las funcionalidades Ping y Traceroute en dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n permiten la inyección de comandos ciega autenticada. TP-Link TL-WR841N v13 suffers from a blind command injection vulnerability. • https://software-talk.org/blog/2018/06/tplink-wr841n-code-exec-cve-2018-12577 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2018-12574 – TP-Link TL-WR841N V13 Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-12574
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. Existe CSRF para todas las acciones en la interfaz web en dispositivos TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n. TP-Link TL-WR841N v13 suffers from cross site request forgery vulnerabilities. • https://software-talk.org/blog/2018/06/tplink-wr841n-csrf-cve-2018-12574 • CWE-352: Cross-Site Request Forgery (CSRF) •