CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2CVE-2022-48194 – TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2022-48194
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. Los dispositivos TP-Link TL-WR902AC hasta V3 0.9.1 permiten a atacantes remotos autenticados ejecutar código arbitrario o provocar una Denegación de Servicio (DoS) cargando una actualización de firmware manipulada porque la verificación de firma es inadecuada. TP-Link TL-WR902AC with firmware version 210730 (V3) suffers from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/51192 http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25074
https://notcve.org/view.php?id=CVE-2022-25074
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. Se ha detectado que los routers TP-Link TL-WR902AC(US)_V3_191209, contienen un desbordamiento de pila en la función DM_ Fillobjbystr(). Esta vulnerabilidad permite a atacantes no autenticados ejecutar código arbitrario • https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC • CWE-787: Out-of-bounds Write •