
    10 vulnerabilities found for tl-wr902ac_firmware by tp-link

    CVE-2023-50225 (GCVE-0-2023-50225)

    Vulnerability from nvd – Published: 2024-05-03 02:14 – Updated: 2024-09-18 18:30
    VLAI
    Title
    TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21819.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link TL-WR902AC Affected: 0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)
    tp-link tl-wr902ac_firmware Affected: 0 , < TL-WR902AC(US)_V3_220804 (custom)
        cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*
    Date Public
    2023-12-19 16:13

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr902ac_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "TL-WR902AC(US)_V3_220804",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T14:35:40.425134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:18:03.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:09:49.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1809",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "TL-WR902AC",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)"
                }
              ]
            }
          ],
          "dateAssigned": "2023-12-05T19:37:59.702Z",
          "datePublic": "2023-12-19T16:13:58.602Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-21819."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-18T18:30:35.503Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1809",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Nicholas Zubrisky and Peter Girnus  of Trend Micro Zero Day Initiative"
          },
          "title": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-50225",
        "datePublished": "2024-05-03T02:14:43.626Z",
        "dateReserved": "2023-12-05T16:15:17.543Z",
        "dateUpdated": "2024-09-18T18:30:35.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44447 (GCVE-0-2023-44447)

    Vulnerability from nvd – Published: 2024-05-03 02:14 – Updated: 2024-08-02 20:07
    VLAI
    Title
    TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability
    Summary
    TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link TL-WR902AC Affected: TL-WR902AC(EU)_V1_170628
    tp-link tl-wr902ac_firmware Affected: 1.0
        cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*
    Date Public
    2023-11-14 21:52

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr902ac_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T20:24:43.431700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:19:35.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:07:33.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1623",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "TL-WR902AC",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "TL-WR902AC(EU)_V1_170628"
                }
              ]
            }
          ],
          "dateAssigned": "2023-09-28T18:14:48.359Z",
          "datePublic": "2023-11-14T21:52:02.996Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T02:14:09.524Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1623",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Aleksandar Djurdjevic \u0027revengsmK\u0027"
          },
          "title": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-44447",
        "datePublished": "2024-05-03T02:14:09.524Z",
        "dateReserved": "2023-09-28T18:02:49.776Z",
        "dateUpdated": "2024-08-02T20:07:33.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36489 (GCVE-0-2023-36489)

    Vulnerability from nvd – Published: 2023-09-06 09:35 – Updated: 2024-09-26 20:03
    VLAI
    Summary
    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK TL-WR802N Affected: firmware versions prior to 'TL-WR802N(JP)_V4_221008'
    TP-LINK TL-WR841N Affected: firmware versions prior to 'TL-WR841N(JP)_V14_230506'
    TP-LINK TL-WR902AC Affected: firmware versions prior to 'TL-WR902AC(JP)_V3_230506'
    tp-link tl-wr802n_firmware Affected: 221008 , < v4_221008 (custom)
        cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*
    tp-link tl-wr841n_firmware Affected: 0 , < v14_230506 (custom)
        cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*
    tp-link tl-wr902ac_firmware Affected: 0 , < v3_230506 (custom)
        cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.666Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr802n_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "v4_221008",
                    "status": "affected",
                    "version": "221008",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr841n_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "v14_230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr902ac_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "v3_230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T19:59:52.304215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:03:19.698Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TL-WR802N",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027"
                }
              ]
            },
            {
              "product": "TL-WR841N",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027"
                }
              ]
            },
            {
              "product": "TL-WR902AC",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027, TL-WR841N firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027, and TL-WR902AC firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:35:41.575Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-36489",
        "datePublished": "2023-09-06T09:35:41.575Z",
        "dateReserved": "2023-08-15T07:33:33.018Z",
        "dateUpdated": "2024-09-26T20:03:19.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-48194 (GCVE-0-2022-48194)

    Vulnerability from nvd – Published: 2022-12-30 00:00 – Updated: 2025-04-10 18:48
    VLAI
    Summary
    TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:10:57.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48194",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T18:44:15.244363Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T18:48:52.744Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits"
            },
            {
              "url": "http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-48194",
        "datePublished": "2022-12-30T00:00:00.000Z",
        "dateReserved": "2022-12-30T00:00:00.000Z",
        "dateUpdated": "2025-04-10T18:48:52.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25074 (GCVE-0-2022-25074)

    Vulnerability from nvd – Published: 2022-02-22 22:44 – Updated: 2024-08-03 04:29
    VLAI
    Summary
    TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:29:01.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-22T22:44:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-25074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC",
                  "refsource": "MISC",
                  "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-25074",
        "datePublished": "2022-02-22T22:44:06.000Z",
        "dateReserved": "2022-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:29:01.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50225 (GCVE-0-2023-50225)

    Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-09-18 18:30
    VLAI
    Title
    TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21819.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link TL-WR902AC Affected: 0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)
    tp-link tl-wr902ac_firmware Affected: 0 , < TL-WR902AC(US)_V3_220804 (custom)
        cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*
    Date Public
    2023-12-19 16:13

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr902ac_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "TL-WR902AC(US)_V3_220804",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50225",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-03T14:35:40.425134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:18:03.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:09:49.665Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1809",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "TL-WR902AC",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)"
                }
              ]
            }
          ],
          "dateAssigned": "2023-12-05T19:37:59.702Z",
          "datePublic": "2023-12-19T16:13:58.602Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-21819."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-18T18:30:35.503Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1809",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Nicholas Zubrisky and Peter Girnus  of Trend Micro Zero Day Initiative"
          },
          "title": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-50225",
        "datePublished": "2024-05-03T02:14:43.626Z",
        "dateReserved": "2023-12-05T16:15:17.543Z",
        "dateUpdated": "2024-09-18T18:30:35.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-44447 (GCVE-0-2023-44447)

    Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 20:07
    VLAI
    Title
    TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability
    Summary
    TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    TP-Link TL-WR902AC Affected: TL-WR902AC(EU)_V1_170628
    tp-link tl-wr902ac_firmware Affected: 1.0
        cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*
    Date Public
    2023-11-14 21:52

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr902ac_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-44447",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-09T20:24:43.431700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:19:35.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:07:33.121Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-23-1623",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "TL-WR902AC",
              "vendor": "TP-Link",
              "versions": [
                {
                  "status": "affected",
                  "version": "TL-WR902AC(EU)_V1_170628"
                }
              ]
            }
          ],
          "dateAssigned": "2023-09-28T18:14:48.359Z",
          "datePublic": "2023-11-14T21:52:02.996Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-03T02:14:09.524Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-23-1623",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Aleksandar Djurdjevic \u0027revengsmK\u0027"
          },
          "title": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2023-44447",
        "datePublished": "2024-05-03T02:14:09.524Z",
        "dateReserved": "2023-09-28T18:02:49.776Z",
        "dateUpdated": "2024-08-02T20:07:33.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36489 (GCVE-0-2023-36489)

    Vulnerability from cvelistv5 – Published: 2023-09-06 09:35 – Updated: 2024-09-26 20:03
    VLAI
    Summary
    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    TP-LINK TL-WR802N Affected: firmware versions prior to 'TL-WR802N(JP)_V4_221008'
    TP-LINK TL-WR841N Affected: firmware versions prior to 'TL-WR841N(JP)_V14_230506'
    TP-LINK TL-WR902AC Affected: firmware versions prior to 'TL-WR902AC(JP)_V3_230506'
    tp-link tl-wr802n_firmware Affected: 221008 , < v4_221008 (custom)
        cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*
    tp-link tl-wr841n_firmware Affected: 0 , < v14_230506 (custom)
        cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*
    tp-link tl-wr902ac_firmware Affected: 0 , < v3_230506 (custom)
        cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:45:56.666Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99392903/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr802n_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "v4_221008",
                    "status": "affected",
                    "version": "221008",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr841n_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "v14_230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tl-wr902ac_firmware",
                "vendor": "tp-link",
                "versions": [
                  {
                    "lessThan": "v3_230506",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36489",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T19:59:52.304215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T20:03:19.698Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TL-WR802N",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027"
                }
              ]
            },
            {
              "product": "TL-WR841N",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027"
                }
              ]
            },
            {
              "product": "TL-WR902AC",
              "vendor": "TP-LINK",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027, TL-WR841N firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027, and TL-WR902AC firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-06T09:35:41.575Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
            },
            {
              "url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99392903/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-36489",
        "datePublished": "2023-09-06T09:35:41.575Z",
        "dateReserved": "2023-08-15T07:33:33.018Z",
        "dateUpdated": "2024-09-26T20:03:19.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-48194 (GCVE-0-2022-48194)

    Vulnerability from cvelistv5 – Published: 2022-12-30 00:00 – Updated: 2025-04-10 18:48
    VLAI
    Summary
    TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:10:57.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48194",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-10T18:44:15.244363Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-10T18:48:52.744Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-03T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits"
            },
            {
              "url": "http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-48194",
        "datePublished": "2022-12-30T00:00:00.000Z",
        "dateReserved": "2022-12-30T00:00:00.000Z",
        "dateUpdated": "2025-04-10T18:48:52.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25074 (GCVE-0-2022-25074)

    Vulnerability from cvelistv5 – Published: 2022-02-22 22:44 – Updated: 2024-08-03 04:29
    VLAI
    Summary
    TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:29:01.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-22T22:44:06.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-25074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC",
                  "refsource": "MISC",
                  "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-25074",
        "datePublished": "2022-02-22T22:44:06.000Z",
        "dateReserved": "2022-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T04:29:01.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }