cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-39745,https://securityvulnerability.io/vulnerability/CVE-2023-39745,Buffer Overflow Vulnerability in TP-Link Wireless Routers,"A buffer overflow vulnerability exists in TP-Link TL-WR940N V2, TL-WR941ND V5, and TL-WR841N V8 routers. This vulnerability occurs via the component /userRpm/AccessCtrlAccessRulesRpm, allowing attackers who send a specially crafted GET request to the affected devices to achieve a Denial of Service (DoS). The flaw enables potential disruption of service, affecting availability for users and posing a security risk to network environments.",Tp-link,Tl-wr940n V2 Firmware,7.5,HIGH,0.0005799999926239252,false,,false,false,false,,,false,false,,2023-08-21T03:15:00.000Z,0
CVE-2023-39747,https://securityvulnerability.io/vulnerability/CVE-2023-39747,Buffer Overflow Vulnerability in TP-Link Wireless Routers,"A buffer overflow vulnerability has been identified in certain TP-Link wireless routers, including models WR841N V8, TL-WR940N V2, and TL-WR941ND V5. This vulnerability occurs in the 'radiusSecret' parameter on the /userRpm/WlanSecurityRpm endpoint. An attacker can exploit this flaw to potentially execute arbitrary code, leading to unauthorized access and compromises in device integrity. Users are advised to apply the latest firmware updates and enhance their network security configurations to mitigate these risks.",Tp-link,Tl-wr940n V2 Firmware,9.8,CRITICAL,0.0008299999753944576,false,,false,false,false,,,false,false,,2023-08-21T03:15:00.000Z,0
CVE-2023-36359,https://securityvulnerability.io/vulnerability/CVE-2023-36359,Buffer Overflow Vulnerability in TP-Link Wireless Routers,"A buffer overflow vulnerability has been identified in TP-Link’s wireless routers, including models TL-WR940N and TL-WR841N. Specifically, the issue arises in the component /userRpm/QoSRuleListRpm, allowing attackers to exploit this flaw by sending specially crafted GET requests. Successful exploitation can lead to a Denial of Service (DoS), potentially rendering the affected devices inoperable. Users are advised to apply security patches released by TP-Link to mitigate this risk.",Tp-link,Tl-wr940n Firmware,7.5,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2023-06-22T00:00:00.000Z,0
CVE-2023-36354,https://securityvulnerability.io/vulnerability/CVE-2023-36354,Buffer Overflow in TP-Link Routers Exposing User Access Control,"Several TP-Link router models have been found to contain a buffer overflow vulnerability in the /userRpm/AccessCtrlTimeSchedRpm component. This weakness allows attackers to craft specific GET requests that can lead to a Denial of Service (DoS), potentially disrupting network access and performance for legitimate users. Home and small office users of affected TP-Link devices should ensure that their firmware is up to date to mitigate the risk.",Tp-link,Tl-wr940n Firmware,7.5,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2023-06-22T00:00:00.000Z,0
CVE-2023-36355,https://securityvulnerability.io/vulnerability/CVE-2023-36355,Buffer Overflow Vulnerability in TP-Link TL-WR940N V4 Router,"A buffer overflow vulnerability has been identified in the TP-Link TL-WR940N V4 wireless router. This issue is triggered through the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm, where an attacker can exploit it through a specially crafted GET request. Successfully executing this attack can lead to a Denial of Service condition, rendering the device unresponsive. It is crucial for users to apply the latest firmware updates to mitigate this risk and secure their network.",Tp-link,Tl-wr940n Firmware,9.9,CRITICAL,0.0026000000070780516,false,,false,false,false,,,false,false,,2023-06-22T00:00:00.000Z,0
CVE-2023-36356,https://securityvulnerability.io/vulnerability/CVE-2023-36356,Buffer Read Out-of-Bounds in TP-Link Routers,"Multiple TP-Link router models, including TL-WR940N and TL-WR841N, contain a buffer read out-of-bounds vulnerability in the /userRpm/VirtualServerRpm component. This flaw can be exploited by attackers through specially crafted GET requests, potentially leading to a Denial of Service (DoS) condition, impacting the availability of the affected devices. Users should ensure their firmware is updated to mitigate potential risks associated with this vulnerability.",Tp-link,Tl-wr940n Firmware,7.7,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-06-22T00:00:00.000Z,0
CVE-2023-36357,https://securityvulnerability.io/vulnerability/CVE-2023-36357,Denial of Service Vulnerability in TP-Link Routers,"A security flaw in the /userRpm/LocalManageControlRpm component of several TP-Link router models allows attackers to exploit the system through specially crafted GET requests, resulting in a Denial of Service attack. This vulnerability can disrupt the normal operation of affected devices, making them unavailable to legitimate users.",Tp-link,Tl-wr940n Firmware,7.7,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2023-06-22T00:00:00.000Z,0
CVE-2023-36358,https://securityvulnerability.io/vulnerability/CVE-2023-36358,Buffer Overflow Vulnerability in TP-Link Routers,"Multiple TP-Link router models have been identified to have a buffer overflow vulnerability in the /userRpm/AccessCtrlAccessTargetsRpm component. Attackers can exploit this vulnerability by sending specially crafted GET requests, potentially resulting in a Denial of Service (DoS). This issue underscores the importance of securing IoT devices and regularly updating firmware to mitigate risks.",Tp-link,Tl-wr940n Firmware,7.7,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2023-06-22T00:00:00.000Z,0
CVE-2023-33538,https://securityvulnerability.io/vulnerability/CVE-2023-33538,Command Injection Vulnerability in TP-Link Routers,"Recent findings indicate a command injection vulnerability present in specific TP-Link router models, including TL-WR940N, TL-WR841N, and TL-WR740N. This vulnerability arises from improper handling of requests via the component /userRpm/WlanNetworkRpm, which could allow attackers to execute arbitrary commands on the device. Users of these routers should apply the latest firmware updates and follow best practices for securing their network environments to mitigate potential risks.",Tp-link,Tl-wr940n Firmware,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-06-07T04:15:00.000Z,0
CVE-2023-33536,https://securityvulnerability.io/vulnerability/CVE-2023-33536,Buffer Overflow Vulnerability in TP-Link Routers,"A buffer overflow vulnerability has been identified in specific TP-Link router models, namely TL-WR940N, TL-WR841N, and TL-WR740N. This vulnerability is found in the component responsible for WLAN MAC filtering, located at /userRpm/WlanMacFilterRpm. Exploiting this flaw may allow an attacker to execute arbitrary code or alter the router's behavior, potentially compromising the confidentiality and integrity of network traffic. It is crucial for users of these devices to apply mitigations or updates provided by TP-Link to ensure the security and stability of their network environments.",Tp-link,Tl-wr940n Firmware,8.1,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2023-06-07T04:15:00.000Z,0
CVE-2023-33537,https://securityvulnerability.io/vulnerability/CVE-2023-33537,"Buffer Overflow in TP-Link Routers TL-WR940N, TL-WR841N, and TL-WR740N","A buffer overflow vulnerability has been identified in multiple TP-Link router models, including TL-WR940N, TL-WR841N, and TL-WR740N. This issue arises within the /userRpm/FixMapCfgRpm component, potentially allowing an attacker to execute arbitrary code or cause a denial of service. Users of the affected models should take immediate action to mitigate this risk by applying the latest firmware updates provided by TP-Link and following security best practices to secure their networks.",Tp-link,Tl-wr940n Firmware,8.1,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2023-06-07T04:15:00.000Z,0
CVE-2022-43635,https://securityvulnerability.io/vulnerability/CVE-2022-43635,Sensitive Information Disclosure in TP-Link TL-WR940N Routers,"The vulnerability present in TP-Link TL-WR940N routers allows unauthorized network-adjacent attackers to gain access to sensitive information. The issue arises from a flaw in the httpd service running on TCP port 80, where the authentication algorithm has been incorrectly implemented. This vulnerability enables attackers to disclose stored credentials without requiring any form of authentication, paving the way for further attacks on the system.",Tp-link,Tl-wr940n,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-43636,https://securityvulnerability.io/vulnerability/CVE-2022-43636,Authentication Bypass Vulnerability in TP-Link Routers,"This vulnerability in TP-Link TL-WR940N routers allows nearby attackers to bypass authentication mechanisms due to a flaw in the httpd service. The service, which operates on TCP port 80, suffers from insufficient randomness in session management sequence numbers. As a result, attackers can exploit this weakness to obtain unauthorized access to the router’s functionalities without needing prior authentication. Users are encouraged to consult the vendor for patches or mitigations.",Tp-link,Tl-wr940n,7.5,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-24972,https://securityvulnerability.io/vulnerability/CVE-2022-24972,Sensitive Information Disclosure in TP-Link TL-WR940N Router,"A vulnerability in TP-Link TL-WR940N routers allows network-adjacent attackers to disclose sensitive information. The flaw exists in the httpd service, which by default listens on TCP port 80, lacking adequate access control. This absence of protection enables attackers to extract stored credentials without requiring authentication, potentially leading to further system compromise. For more details, refer to the advisory from Zero Day Initiative.",Tp-link,Tl-wr940n,6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2022-0650,https://securityvulnerability.io/vulnerability/CVE-2022-0650,Arbitrary Code Execution in TP-Link TL-WR940N Router Due to Buffer Overflow,"The TP-Link TL-WR940N router has a vulnerability that can be exploited by attackers on the same network, allowing them to execute arbitrary code. This flaw in the httpd service, which runs on TCP port 80, stems from inadequate validation of the length of user-supplied data before it is copied to a fixed-length buffer. By manipulating this weakness, an authenticated attacker can run code with root privileges, potentially compromising the entire device.",Tp-link,Tl-wr940n,6.8,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2022-24973,https://securityvulnerability.io/vulnerability/CVE-2022-24973,Arbitrary Code Execution Vulnerability in TP-Link Routers,"This vulnerability affects TP-Link TL-WR940N routers, allowing network-adjacent attackers to execute arbitrary code on affected installations. The flaw occurs within the HTTP daemon (httpd) listening on TCP port 80, which fails to properly validate the length of user-supplied data before copying it to a fixed-length stack-based buffer. Although authentication is mandatory for exploitation, should an attacker succeed, they could execute arbitrary code with root privileges, posing significant risks to the device and connected network.",Tp-link,Tl-wr940n,6.8,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-03-28T00:00:00.000Z,0
CVE-2023-23040,https://securityvulnerability.io/vulnerability/CVE-2023-23040,Weak MD5 Hashing Vulnerability in TP-Link Router TL-WR940N,"The TP-Link TL-WR940N V6 3.19.1 Build 180119 router employs a deprecated MD5 hashing algorithm for the admin password used in basic authentication. This weak hashing technique renders the password susceptible to brute-force attacks, endangering the router's security. Users of this device should be aware of the potential risks and consider updating their firmware or adopting stronger security measures.",Tp-link,Tl-wr940n Firmware,7.5,HIGH,0.004089999943971634,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2022-46139,https://securityvulnerability.io/vulnerability/CVE-2022-46139,Denial of Service Vulnerability in TP-Link Router Products,"The TP-Link TL-WR940N V4 firmware update process is vulnerable, allowing authenticated attackers to upload a specially crafted firmware image. This can lead to a Denial of Service, rendering the device unusable until it is restored to a functional state. It is essential for users to apply the latest firmware updates to mitigate this risk and ensure the ongoing security of their network devices.",Tp-link,Tl-wr940n V4 Firmware,6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-12-20T00:00:00.000Z,0
CVE-2022-24355,https://securityvulnerability.io/vulnerability/CVE-2022-24355,Arbitrary Code Execution Vulnerability in TP-Link Router,"This vulnerability exists in the TP-Link TL-WR940N router, allowing attackers in the network vicinity to execute arbitrary code due to insufficient validation of user-supplied data lengths when parsing file name extensions. This flaw can be exploited without authentication, enabling attackers to run malicious code with root privileges, thus compromising the device's integrity and potentially allowing further exploitation of the internal network.",Tp-link,Tl-wr940n,8.8,HIGH,0.0026000000070780516,false,,false,false,false,,,false,false,,2022-02-18T19:52:05.000Z,0
CVE-2019-6989,https://securityvulnerability.io/vulnerability/CVE-2019-6989,Buffer Overflow Vulnerability in TP-Link TL-WR940N Router,"The TP-Link TL-WR940N router is susceptible to a stack-based buffer overflow due to inadequate bounds checking in the ipAddrDispose function. This vulnerability allows a remote authenticated attacker to craft and send malicious ICMP echo request packets, potentially leading to the overflow of a buffer. Such exploitation could facilitate the execution of arbitrary code on the affected system with elevated privileges, resulting in the compromise of the device's security.",Tp-link,Tl-wr940n Firmware,8.8,HIGH,0.054510001093149185,false,,false,false,false,,,false,false,,2019-06-06T17:24:50.000Z,0