CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2022-46430
https://notcve.org/view.php?id=CVE-2022-46430
20 Dec 2022 — TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. TP-Link TL-WR740N V1 y V2 v3.12.4 y anteriores permiten a atacantes autenticados ejecutar código arbitrario o provocar una Denegación de Servicio (DoS) mediante la carga de una imagen de firmware manipulada durante el proceso de actualización del firmware. • https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BJxlw2Pwi • CWE-494: Download of Code Without Integrity Check •
CVSS: 9.8EPSS: 35%CPEs: 54EXPL: 3CVE-2020-35575 – TP-Link TL-WR841N Command Injection
https://notcve.org/view.php?id=CVE-2020-35575
26 Dec 2020 — A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. Un problema de divulgación de contraseña en la interfaz web... • https://packetstorm.news/files/id/163274 •
CVSS: 7.8EPSS: 93%CPEs: 26EXPL: 5CVE-2015-3035 – TP-Link Multiple Archer Devices Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2015-3035
10 Apr 2015 — Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot)... • https://packetstorm.news/files/id/180649 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •