cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-50225,https://securityvulnerability.io/vulnerability/CVE-2023-50225,TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability,"TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21819.",Tp-link,Tl-wr902ac,6.8,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-03T03:16:00.000Z,0
CVE-2023-44447,https://securityvulnerability.io/vulnerability/CVE-2023-44447,Improper Authentication Information Disclosure Vulnerability Affects TP-Link Routers,"The TP-Link TL-WR902AC router is susceptible to an information disclosure vulnerability due to improper authentication in its httpd service. This vulnerability permits network-adjacent attackers to extract sensitive data without requiring authentication, potentially disclosing stored credentials. The flaw arises from the default service configuration listening on TCP port 80. Exploitation of this vulnerability can lead to further unauthorized access and compromise of system integrity.",Tp-link,Tl-wr902ac,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-03T02:14:09.524Z,0
CVE-2023-36489,https://securityvulnerability.io/vulnerability/CVE-2023-36489,Command Execution Vulnerability in TP-LINK Routers and Access Points,"Multiple TP-LINK router and access point models are susceptible to a command execution vulnerability that allows unauthenticated attackers on the same network to run arbitrary operating system commands. This flaw can lead to unauthorized access and potential compromise of the device’s integrity. Users are strongly advised to update their firmware to specific versions that address this vulnerability, ensuring enhanced security for their network devices.",Tp-link,"Tl-wr802n,Tl-wr841n,Tl-wr902ac",8.8,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-09-06T10:15:00.000Z,0
CVE-2022-48194,https://securityvulnerability.io/vulnerability/CVE-2022-48194,Remote Code Execution Vulnerability in TP-Link TL-WR902AC Devices,"The TP-Link TL-WR902AC devices, specifically version v3.0.9.1, are susceptible to a remote code execution vulnerability that allows authenticated attackers to exploit inadequate signature checks during firmware updates. This can lead to arbitrary code execution or a Denial of Service (DoS). Attackers can upload malicious firmware, potentially compromising the integrity and availability of the device, thus posing a significant security risk that affects users relying on this product for their networking needs.",Tp-link,Tl-wr902ac Firmware,8.8,HIGH,0.026559999212622643,false,,false,false,true,2022-12-29T10:32:23.000Z,true,false,false,,2022-12-30T00:00:00.000Z,0
CVE-2022-25074,https://securityvulnerability.io/vulnerability/CVE-2022-25074,Stack Overflow Vulnerability in TP-Link Router Models,"The TP-Link TL-WR902AC(US)_V3_191209 routers are vulnerable to a stack overflow in the DM_Fillobjbystr() function. This security weakness permits unauthenticated attackers to execute arbitrary code, posing significant risks to network security and device integrity.",Tp-link,Tl-wr902ac Firmware,9.8,CRITICAL,0.0022899999748915434,false,,false,false,false,,,false,false,,2022-02-24T15:15:00.000Z,0