cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-50225,https://securityvulnerability.io/vulnerability/CVE-2023-50225,TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability,"TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21819.",Tp-link,Tl-wr902ac,6.8,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-05-03T03:16:00.000Z,0
CVE-2023-44447,https://securityvulnerability.io/vulnerability/CVE-2023-44447,Improper Authentication Information Disclosure Vulnerability Affects TP-Link Routers,"The TP-Link TL-WR902AC router is susceptible to an information disclosure vulnerability due to improper authentication in its httpd service. This vulnerability permits network-adjacent attackers to extract sensitive data without requiring authentication, potentially disclosing stored credentials. The flaw arises from the default service configuration listening on TCP port 80. Exploitation of this vulnerability can lead to further unauthorized access and compromise of system integrity.",Tp-link,Tl-wr902ac,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-05-03T02:14:09.524Z,0
CVE-2023-36489,https://securityvulnerability.io/vulnerability/CVE-2023-36489,Command Execution Vulnerability in TP-LINK Routers and Access Points,"Multiple TP-LINK router and access point models are susceptible to a command execution vulnerability that allows unauthenticated attackers on the same network to run arbitrary operating system commands. This flaw can lead to unauthorized access and potential compromise of the device’s integrity. Users are strongly advised to update their firmware to specific versions that address this vulnerability, ensuring enhanced security for their network devices.",Tp-link,"Tl-wr802n,Tl-wr841n,Tl-wr902ac",8.8,HIGH,0.0011399999493733048,false,false,false,false,,false,false,2023-09-06T10:15:00.000Z,0
CVE-2022-48194,https://securityvulnerability.io/vulnerability/CVE-2022-48194,,TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.,Tp-link,Tl-wr902ac Firmware,8.8,HIGH,0.026559999212622643,false,false,false,true,true,false,false,2022-12-30T00:00:00.000Z,0
CVE-2022-25074,https://securityvulnerability.io/vulnerability/CVE-2022-25074,,TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.,Tp-link,Tl-wr902ac Firmware,9.8,CRITICAL,0.0021699999924749136,false,false,false,false,,false,false,2022-02-24T15:15:00.000Z,0