CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-36489
https://notcve.org/view.php?id=CVE-2023-36489
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/versiones afectados son los siguientes: versiones de firmware del TL-WR802N anteriores a 'TL-WR802N(JP)_V4_221008', versiones de firmware del TL-WR841N anteriores a 'TL-WR841N(JP)_V14_230506' y versiones de firmware del TL-WR902AC anteriores a 'TL-WR902AC(JP)_V3_230506'. • https://jvn.jp/en/vu/JVNVU99392903 https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-46912
https://notcve.org/view.php?id=CVE-2022-46912
An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. Un problema en el proceso de actualización de firmware de TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 y anteriores permite a atacantes ejecutar código arbitrario o provocar una Denegación de Servicio (DoS) mediante la carga de una imagen de firmware manipulada. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/Sk6sfbTPi https://www.tp-link.com/us/press/security-advisory •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25073
https://notcve.org/view.php?id=CVE-2022-25073
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. Se ha detectado que los routers TL-WR841Nv14_US_0.9.1_4.18, contienen un desbordamiento de pila en la función dm_fillObjByStr(). Esta vulnerabilidad permite a atacantes no autenticados ejecutar código arbitrario • https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR841N • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35576 – TP-Link TL-WR841N - Command Injection
https://notcve.org/view.php?id=CVE-2020-35576
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. Un problema de Inyección de Comando en la funcionalidad traceroute en TP-Link TL-WR841N V13 (JP) con versiones de firmware anteriores a 201216, permite a usuarios autenticados ejecutar código arbitrario como root por medio de metacaracteres de shell, una vulnerabilidad diferente a CVE-2018-12577 • https://www.exploit-db.com/exploits/50058 https://jvn.jp/en/vu/JVNVU92444096 https://www.tp-link.com/jp/support/download/tl-wr841n/v13/#Firmware https://www.tp-link.com/us/security • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-6316 – TP-LINK TL-WR841N 3.13.9 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2012-6316
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. Múltiples vulnerabilidades de XSS en el router TP-LINK TL-WR841N con firmware 3.13.9 Build 120201 Rel.54965n y anteriores permiten a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) username o (2) pwd en userRpm/NoipDdnsRpm.htm. TP-LINK TL-WR841N versions 3.13.9 Build 120201 Rel.54965n and below suffer from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2012/Dec/93 http://www.securityfocus.com/bid/56602 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •