cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-50224,https://securityvulnerability.io/vulnerability/CVE-2023-50224,TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability,"TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
. Was ZDI-CAN-19899.",Tp-link,Tl-wr841n,6.5,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-39471,https://securityvulnerability.io/vulnerability/CVE-2023-39471,чной Code Injection Vulnerability Affects TP-Link Routers,"The TP-Link TL-WR841N router is vulnerable to a command injection issue within the ated_tp service, which permits network-adjacent attackers to execute arbitrary code on affected installations. The vulnerability stems from insufficient validation of user input before it is utilized in system calls. Notably, exploitation of this flaw does not require authentication, potentially allowing unauthorized users to run arbitrary code with root privileges. This significantly compromises the integrity and security of the affected devices.",Tp-link,Tl-wr841n,7.5,HIGH,0.000699999975040555,false,false,false,false,,false,false,2024-05-03T02:10:38.498Z,0
CVE-2023-36489,https://securityvulnerability.io/vulnerability/CVE-2023-36489,Command Execution Vulnerability in TP-LINK Routers and Access Points,"Multiple TP-LINK router and access point models are susceptible to a command execution vulnerability that allows unauthenticated attackers on the same network to run arbitrary operating system commands. This flaw can lead to unauthorized access and potential compromise of the device’s integrity. Users are strongly advised to update their firmware to specific versions that address this vulnerability, ensuring enhanced security for their network devices.",Tp-link,"Tl-wr802n,Tl-wr841n,Tl-wr902ac",8.8,HIGH,0.0011399999493733048,false,false,false,false,,false,false,2023-09-06T10:15:00.000Z,0
CVE-2022-42433,https://securityvulnerability.io/vulnerability/CVE-2022-42433,,"This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.",Tp-link,Tl-wr841n,6.4,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-46912,https://securityvulnerability.io/vulnerability/CVE-2022-46912,,An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.,Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.0021800000686198473,false,false,false,false,,false,false,2022-12-20T00:00:00.000Z,0
CVE-2022-42202,https://securityvulnerability.io/vulnerability/CVE-2022-42202,,TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).,Tp-link,Tl-wr841n Firmware,6.1,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0
CVE-2022-25073,https://securityvulnerability.io/vulnerability/CVE-2022-25073,,TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.,Tp-link,Tl-wr841n Firmware,9.8,CRITICAL,0.0021699999924749136,false,false,false,false,,false,false,2022-02-24T15:15:00.000Z,0
CVE-2022-0162,https://securityvulnerability.io/vulnerability/CVE-2022-0162,Vulnerability in TP-LinK TL-WR841N wireless router,The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.,Tp-link,Tl-wr841n,8.4,HIGH,0.004490000195801258,false,false,false,false,,false,false,2022-02-09T23:15:00.000Z,0
CVE-2020-35576,https://securityvulnerability.io/vulnerability/CVE-2020-35576,,"A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.",Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.02833000011742115,false,false,false,false,,false,false,2021-01-26T18:15:00.000Z,0
CVE-2020-8423,https://securityvulnerability.io/vulnerability/CVE-2020-8423,,A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.,Tp-link,Tl-wr841n Firmware,7.2,HIGH,0.004209999926388264,false,false,false,true,true,false,false,2020-04-02T17:00:17.000Z,0
CVE-2019-17147,https://securityvulnerability.io/vulnerability/CVE-2019-17147,,"This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.",Tp-link,Tl-wr841n,8.8,HIGH,0.027240000665187836,false,false,false,true,true,false,false,2020-01-07T23:05:23.000Z,0
CVE-2018-12575,https://securityvulnerability.io/vulnerability/CVE-2018-12575,,"On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.",Tp-link,Tl-wr841n Firmware,9.8,CRITICAL,0.01655999943614006,false,false,false,false,,false,false,2018-07-02T16:00:00.000Z,0
CVE-2018-12577,https://securityvulnerability.io/vulnerability/CVE-2018-12577,,The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.,Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.001339999958872795,false,false,false,false,,false,false,2018-07-02T16:00:00.000Z,0
CVE-2018-12574,https://securityvulnerability.io/vulnerability/CVE-2018-12574,,CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.,Tp-link,Tl-wr841n Firmware,8.8,HIGH,0.007799999788403511,false,false,false,false,,false,false,2018-07-02T16:00:00.000Z,0
CVE-2018-12576,https://securityvulnerability.io/vulnerability/CVE-2018-12576,,TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.,Tp-link,Tl-wr841n Firmware,4.3,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2018-07-02T16:00:00.000Z,0
CVE-2015-3035,https://securityvulnerability.io/vulnerability/CVE-2015-3035,,"Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.",Tp-link,Tl-wr841n \(9.0\) Firmware,7.5,HIGH,0.9432500004768372,true,false,false,true,,false,false,2015-04-22T01:59:00.000Z,0
CVE-2012-6316,https://securityvulnerability.io/vulnerability/CVE-2012-6316,,Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.,Tp-link,"Tl-wr841n Firmware,Tl-wr841n",,,0.0009500000160187483,false,false,false,false,,false,false,2014-09-30T14:00:00.000Z,0
CVE-2012-6276,https://securityvulnerability.io/vulnerability/CVE-2012-6276,,Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.,Tp-link,"Tl-wr841n Firmware,Tl-wr841n",,,0.005679999943822622,false,false,false,false,,false,false,2013-01-26T21:55:00.000Z,0
CVE-2012-5687,https://securityvulnerability.io/vulnerability/CVE-2012-5687,,Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.,Tp-link,"Tl-wr841n,Tl-wr841n Firmware",,,0.3061099946498871,false,false,false,false,,false,false,2012-11-01T10:00:00.000Z,0