Total
19 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-29402 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | |||||
CVE-2022-26642 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | |||||
CVE-2022-26641 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. | |||||
CVE-2022-26640 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | |||||
CVE-2022-26639 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | |||||
CVE-2022-25064 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | |||||
CVE-2022-25062 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
CVE-2022-25061 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | |||||
CVE-2022-25060 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | |||||
CVE-2021-46122 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. | |||||
CVE-2021-41653 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
CVE-2021-29280 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | |||||
CVE-2020-36178 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. | |||||
CVE-2019-15060 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
CVE-2019-12195 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. | |||||
CVE-2018-15840 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | |||||
CVE-2018-15172 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | |||||
CVE-2018-11714 | 1 Tp-link | 4 Tl-wr840n, Tl-wr840n Firmware, Tl-wr841n and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. | |||||
CVE-2014-9510 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. |