cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-50224,https://securityvulnerability.io/vulnerability/CVE-2023-50224,TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability,"TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
. Was ZDI-CAN-19899.",Tp-link,Tl-wr841n,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T03:16:00.000Z,0
CVE-2023-39471,https://securityvulnerability.io/vulnerability/CVE-2023-39471,чной Code Injection Vulnerability Affects TP-Link Routers,"The TP-Link TL-WR841N router is vulnerable to a command injection issue within the ated_tp service, which permits network-adjacent attackers to execute arbitrary code on affected installations. The vulnerability stems from insufficient validation of user input before it is utilized in system calls. Notably, exploitation of this flaw does not require authentication, potentially allowing unauthorized users to run arbitrary code with root privileges. This significantly compromises the integrity and security of the affected devices.",Tp-link,Tl-wr841n,7.5,HIGH,0.000699999975040555,false,,false,false,false,,,false,false,,2024-05-03T02:10:38.498Z,0
CVE-2023-36489,https://securityvulnerability.io/vulnerability/CVE-2023-36489,Command Execution Vulnerability in TP-LINK Routers and Access Points,"Multiple TP-LINK router and access point models are susceptible to a command execution vulnerability that allows unauthenticated attackers on the same network to run arbitrary operating system commands. This flaw can lead to unauthorized access and potential compromise of the device’s integrity. Users are strongly advised to update their firmware to specific versions that address this vulnerability, ensuring enhanced security for their network devices.",Tp-link,"Tl-wr802n,Tl-wr841n,Tl-wr902ac",8.8,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-09-06T10:15:00.000Z,0
CVE-2022-42433,https://securityvulnerability.io/vulnerability/CVE-2022-42433,Arbitrary Code Execution Vulnerability in TP-Link Routers,"This vulnerability in TP-Link TL-WR841N routers exposes installations to network-adjacent attackers who can execute arbitrary code. Although authentication is necessary for exploitation, the flawed mechanism can be bypassed. The vulnerability stems from inadequate validation of user-supplied strings utilized in system calls within the ated_tp service. By exploiting this flaw, an attacker may execute code with root privileges, compromising the device's security and potentially enabling further attacks on the network.",Tp-link,Tl-wr841n,6.4,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-46912,https://securityvulnerability.io/vulnerability/CVE-2022-46912,Arbitrary Code Execution and DoS Vulnerability in TP-Link TL-WR841N and TL-WA841ND Routers,"A significant vulnerability exists in the firmware update process of TP-Link TL-WR841N and TL-WA841ND V7 routers, affecting versions 3.13.9 and earlier. This flaw allows attackers to upload malicious firmware images, which can lead to arbitrary code execution or trigger a Denial of Service (DoS). Users of these router models are urged to review their firmware versions and consider updates to protect their networks against potential exploitation.",Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.0021800000686198473,false,,false,false,false,,,false,false,,2022-12-20T00:00:00.000Z,0
CVE-2022-42202,https://securityvulnerability.io/vulnerability/CVE-2022-42202,Cross Site Scripting Vulnerability in TP-Link TL-WR841N Router,"The TP-Link TL-WR841N router version 8.0 with firmware 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS) attacks. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially compromising the integrity of user data and session information. When exploited, it can lead to unauthorized actions being performed on behalf of users without their awareness, posing a serious threat to the security of personal and sensitive information.",Tp-link,Tl-wr841n Firmware,6.1,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2022-25073,https://securityvulnerability.io/vulnerability/CVE-2022-25073,Stack Overflow Vulnerability in TP-Link Routers,"The TL-WR841Nv14_US_0.9.1_4.18 router is vulnerable to a stack overflow due to a flaw found in the function dm_fillObjByStr(). This security issue could be exploited by unauthenticated attackers to execute arbitrary code, potentially leading to unauthorized access and control over the device.",Tp-link,Tl-wr841n Firmware,9.8,CRITICAL,0.0022899999748915434,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0
CVE-2022-0162,https://securityvulnerability.io/vulnerability/CVE-2022-0162,Vulnerability in TP-LinK TL-WR841N wireless router,The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.,Tp-link,Tl-wr841n,8.4,HIGH,0.004490000195801258,false,,false,false,false,,,false,false,,2022-02-09T23:15:00.000Z,0
CVE-2020-35576,https://securityvulnerability.io/vulnerability/CVE-2020-35576,Command Injection Vulnerability in TP-Link TL-WR841N Router,"A command injection vulnerability exists in the traceroute feature of the TP-Link TL-WR841N V13 (JP) router. This flaw allows authenticated users to exploit the device by injecting arbitrary shell metacharacters, enabling them to execute code with root privileges. This vulnerability specifically affects versions of the firmware released before 201216, differing from previous vulnerabilities like CVE-2018-12577. Users are urged to update their firmware to mitigate the risks associated with this security issue.",Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.03082999959588051,false,,false,false,false,,,false,false,,2021-01-26T18:15:00.000Z,0
CVE-2020-8423,https://securityvulnerability.io/vulnerability/CVE-2020-8423,Buffer Overflow Vulnerability in TP-Link TL-WR841N V10 Firmware,"A buffer overflow vulnerability exists in the httpd daemon on TP-Link TL-WR841N V10 devices running firmware version 3.16.9. An authenticated remote attacker could exploit this issue by sending a specially crafted GET request to the Wi-Fi network configuration page. This action may allow the attacker to execute arbitrary code on the device, potentially compromising its security and functionality.",Tp-link,Tl-wr841n Firmware,7.2,HIGH,0.004209999926388264,false,,false,false,true,2022-09-20T21:13:53.000Z,true,false,false,,2020-04-02T17:00:17.000Z,0
CVE-2019-17147,https://securityvulnerability.io/vulnerability/CVE-2019-17147,Remote Code Execution Flaw in TP-LINK TL-WR841N Routers,"This security flaw within the TP-LINK TL-WR841N router permits remote attackers to execute arbitrary code without requiring authentication. The vulnerability arises from improper validation of the Host request header's length when processed by the web service on TCP port 80. As a result, an attacker can exploit this vulnerability to run code as the admin user, potentially compromising the router's integrity and security.",Tp-link,Tl-wr841n,8.8,HIGH,0.028540000319480896,false,,false,false,true,2022-01-16T07:08:57.000Z,true,false,false,,2020-01-07T23:05:23.000Z,0
CVE-2018-12574,https://securityvulnerability.io/vulnerability/CVE-2018-12574,,CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.,Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.007799999788403511,false,,false,false,false,,,false,false,,2018-07-02T16:00:00.000Z,0
CVE-2018-12577,https://securityvulnerability.io/vulnerability/CVE-2018-12577,,The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.,Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.001339999958872795,false,,false,false,false,,,false,false,,2018-07-02T16:00:00.000Z,0
CVE-2018-12576,https://securityvulnerability.io/vulnerability/CVE-2018-12576,,TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.,Tp-link,Tl-wr841n Firmware,4.3,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2018-07-02T16:00:00.000Z,0
CVE-2018-12575,https://securityvulnerability.io/vulnerability/CVE-2018-12575,,"On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.",Tp-link,Tl-wr841n Firmware,9.8,CRITICAL,0.01655999943614006,false,,false,false,false,,,false,false,,2018-07-02T16:00:00.000Z,0
CVE-2015-3035,https://securityvulnerability.io/vulnerability/CVE-2015-3035,,"Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.",Tp-link,Tl-wr841n \(9.0\) Firmware,7.5,HIGH,0.9432500004768372,true,2022-03-25T00:00:00.000Z,false,false,true,2022-03-25T00:00:00.000Z,,false,false,,2015-04-22T01:59:00.000Z,0
CVE-2012-6316,https://securityvulnerability.io/vulnerability/CVE-2012-6316,,Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.,Tp-link,"Tl-wr841n Firmware,Tl-wr841n",,,0.0009500000160187483,false,,false,false,false,,,false,false,,2014-09-30T14:00:00.000Z,0
CVE-2012-6276,https://securityvulnerability.io/vulnerability/CVE-2012-6276,,Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.,Tp-link,"Tl-wr841n Firmware,Tl-wr841n",,,0.005679999943822622,false,,false,false,false,,,false,false,,2013-01-26T21:55:00.000Z,0
CVE-2012-5687,https://securityvulnerability.io/vulnerability/CVE-2012-5687,,Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.,Tp-link,"Tl-wr841n,Tl-wr841n Firmware",,,0.3061099946498871,false,,false,false,false,,,false,false,,2012-11-01T10:00:00.000Z,0