cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-24352,https://securityvulnerability.io/vulnerability/CVE-2022-24352,Arbitrary Code Execution in TP-Link AC1750 Routers due to Weak Input Validation,"A vulnerability exists in TP-Link AC1750 routers due to improper input validation in the NetUSB.ko kernel module. This flaw allows network-adjacent attackers to execute arbitrary code on affected devices without requiring authentication. The lack of proper validation can lead to a buffer overflow, allowing exploitation that grants attackers root-level access to the system. Users of these routers should apply available security updates to mitigate the risk.",Tp-link,Ac1750,8.8,HIGH,0.0005499999970197678,false,,false,false,false,,,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2022-24353,https://securityvulnerability.io/vulnerability/CVE-2022-24353,Arbitrary Code Execution Vulnerability in TP-Link AC1750 Routers,"This vulnerability affects TP-Link AC1750 routers, specifically the NetUSB.ko module, allowing network-adjacent attackers to execute arbitrary code on devices running affected firmware versions without requiring authentication. The flaw arises from inadequate validation of user-supplied data, potentially resulting in a read beyond the end of an allocated buffer. Successful exploitation could enable attackers to execute code with root user privileges, compromising the integrity of the affected device.",Tp-link,Ac1750,8.8,HIGH,0.0005499999970197678,false,,false,false,false,,,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2022-24354,https://securityvulnerability.io/vulnerability/CVE-2022-24354,Arbitrary Code Execution Vulnerability in TP-Link AC1750 Routers,"This vulnerability exposes TP-Link AC1750 routers to potential exploitation by network-adjacent attackers, enabling them to execute arbitrary code without the need for authentication. The flaw lies within the NetUSB.ko module, where insufficient validation of user-supplied data leads to an integer overflow, resulting in buffer allocation issues. By leveraging this vulnerability, attackers can gain root-level access, putting the security of affected devices at significant risk.",Tp-link,Ac1750,8.8,HIGH,0.001550000044517219,false,,false,false,false,,,false,false,,2022-02-18T19:52:04.000Z,0
CVE-2021-27246,https://securityvulnerability.io/vulnerability/CVE-2021-27246,Arbitrary Code Execution Vulnerability in TP-Link Archer A7 AC1750 Routers,"A vulnerability exists in TP-Link Archer A7 AC1750 routers that allows network-adjacent attackers to execute arbitrary code. This flaw is due to improper handling of MAC addresses by the tdpServer endpoint. An attacker can exploit this vulnerability by sending a specially crafted TCP message that writes stack pointers to the memory stack. As a result, the attacker is able to execute code with root-level privileges, posing significant risks to network security.",Tp-link,Ac1750,8,HIGH,0.001820000004954636,false,,false,false,true,2021-03-01T16:45:42.000Z,true,false,false,,2021-04-14T15:45:53.000Z,0
CVE-2020-28347,https://securityvulnerability.io/vulnerability/CVE-2020-28347,Remote Code Execution Vulnerability on TP-Link Archer A7 AC1750 Devices,"The tdpServer on TP-Link Archer A7 AC1750 devices prior to version 201029 is susceptible to remote code execution. This vulnerability arises when attackers exploit the 'slave_mac' parameter, allowing them to execute arbitrary code on the device. The issue is a result of an incomplete fix for a previous vulnerability, CVE-2020-10882, which failed to properly handle shell quotes. This oversight exposes the device to unauthorized commands, posing a significant risk to network security.",Tp-link,Ac1750 Firmware,9.8,CRITICAL,0.07586999982595444,false,,false,false,true,2020-04-07T17:57:34.000Z,true,false,false,,2020-11-08T20:00:39.000Z,0