CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50225 – TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50225
19 Dec 2023 — TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44447 – TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-44447
14 Nov 2023 — TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. • https://www.zerodayinitiative.com/advisories/ZDI-23-1623 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-36489
https://notcve.org/view.php?id=CVE-2023-36489
06 Sep 2023 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/version... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 62%CPEs: 2EXPL: 4CVE-2022-48194 – TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2022-48194
30 Dec 2022 — TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. Los dispositivos TP-Link TL-WR902AC hasta V3 0.9.1 permiten a atacantes remotos autenticados ejecutar código arbitrario o provocar una Denegación de Servicio (DoS) cargando una actualización de firmware manipulada porque la verificación de firma es inadecuada. TP-Link TL-WR902AC with fir... • https://packetstorm.news/files/id/171623 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2022-25074
https://notcve.org/view.php?id=CVE-2022-25074
22 Feb 2022 — TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. Se ha detectado que los routers TP-Link TL-WR902AC(US)_V3_191209, contienen un desbordamiento de pila en la función DM_ Fillobjbystr(). Esta vulnerabilidad permite a atacantes no autenticados ejecutar código arbitrario • https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC • CWE-787: Out-of-bounds Write •