Search criteria
6 vulnerabilities found for TL-WR841N by TP-Link
CVE-2023-50224 (GCVE-0-2023-50224)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2025-10-21 23:05
VLAI?
Title
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
Summary
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
. Was ZDI-CAN-19899.
Severity ?
6.5 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr841n_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "12.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T03:55:22.977218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-50224"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:19.610Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-50224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-03T00:00:00+00:00",
"value": "CVE-2023-50224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1808",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1808/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TL-WR841N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "3.16.9 build 200409"
}
]
}
],
"dateAssigned": "2023-12-05T19:37:59.697Z",
"datePublic": "2023-12-19T16:08:15.018Z",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.\n. Was ZDI-CAN-19899."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:30:34.804Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1808",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1808/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware"
}
],
"source": {
"lang": "en",
"value": "Aleksandar Djurdjevic \u0027revengsmK\u0027"
},
"title": "TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50224",
"datePublished": "2024-05-03T02:14:42.922Z",
"dateReserved": "2023-12-05T16:15:17.543Z",
"dateUpdated": "2025-10-21T23:05:19.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39471 (GCVE-0-2023-39471)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI?
Title
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability
Summary
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
Severity ?
7.5 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:tp-link:tl-wr841n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr841n",
"vendor": "tp-link",
"versions": [
{
"lessThan": "14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:tp-link:tl-wr840n:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr840n",
"vendor": "tp-link",
"versions": [
{
"lessThan": "6.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T17:18:20.131303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T21:00:28.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1624",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1624/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TL-WR841N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "4.19"
}
]
}
],
"dateAssigned": "2023-08-02T16:44:31.477-05:00",
"datePublic": "2023-11-14T15:52:07.894-06:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:38.498Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1624",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1624/"
}
],
"source": {
"lang": "en",
"value": "Theori"
},
"title": "TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39471",
"datePublished": "2024-05-03T02:10:38.498Z",
"dateReserved": "2023-08-02T21:37:23.124Z",
"dateUpdated": "2024-08-02T18:10:20.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36489 (GCVE-0-2023-36489)
Vulnerability from cvelistv5 – Published: 2023-09-06 09:35 – Updated: 2024-09-26 20:03
VLAI?
Summary
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr802n_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v4_221008",
"status": "affected",
"version": "221008",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr841n_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v14_230506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr902ac_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v3_230506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:59:52.304215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:03:19.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-WR802N",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027"
}
]
},
{
"product": "TL-WR841N",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027"
}
]
},
{
"product": "TL-WR902AC",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027, TL-WR841N firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027, and TL-WR902AC firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T09:35:41.575Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
},
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
},
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-36489",
"datePublished": "2023-09-06T09:35:41.575Z",
"dateReserved": "2023-08-15T07:33:33.018Z",
"dateUpdated": "2024-09-26T20:03:19.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42433 (GCVE-0-2022-42433)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-14 20:24
VLAI?
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.
Severity ?
6.4 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Credits
Cyrille Chatras
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:40.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1466/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T20:24:29.265237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T20:24:33.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-WR841N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "TL-WR841N(US)_V14_220121"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Cyrille Chatras"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1466/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-42433",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-10-03T00:00:00.000Z",
"dateUpdated": "2025-02-14T20:24:33.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0162 (GCVE-0-2022-0162)
Vulnerability from cvelistv5 – Published: 2022-02-09 22:05 – Updated: 2024-09-16 17:13
VLAI?
Title
Vulnerability in TP-LinK TL-WR841N wireless router
Summary
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
Severity ?
8.4 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
This vulnerability is found by Parul Sindhwad, Anurag M. Chevendra, Dr. Faruk Kazi from COE-CNDS Lab, VJTI Mumbai, India
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2022-0068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TL-WR841N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "V11 3.16.9 Build 160325 Rel.62500n"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability is found by Parul Sindhwad, Anurag M. Chevendra, Dr. Faruk Kazi from COE-CNDS Lab, VJTI Mumbai, India"
}
],
"datePublic": "2022-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T22:05:30.000Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2022-0068"
}
],
"solutions": [
{
"lang": "en",
"value": "Update TPLinkWR841N firmware\nhttps://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vulnerability in TP-LinK TL-WR841N wireless router",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vdisclose@cert-in.org.in",
"DATE_PUBLIC": "2022-02-07T04:30:00.000Z",
"ID": "CVE-2022-0162",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in TP-LinK TL-WR841N wireless router"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TL-WR841N",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "V11",
"version_value": "3.16.9 Build 160325 Rel.62500n"
}
]
}
}
]
},
"vendor_name": "TP-Link"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This vulnerability is found by Parul Sindhwad, Anurag M. Chevendra, Dr. Faruk Kazi from COE-CNDS Lab, VJTI Mumbai, India"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2022-0068",
"refsource": "MISC",
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2022-0068"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update TPLinkWR841N firmware\nhttps://static.tp-link.com/upload/beta/2021/202112/20211209/wr841nv11_wr841ndv11_eu_3_16_9_up_boot(211209).zip"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2022-0162",
"datePublished": "2022-02-09T22:05:30.830Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:13:50.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17147 (GCVE-0-2019-17147)
Vulnerability from cvelistv5 – Published: 2020-01-07 23:05 – Updated: 2024-08-05 01:33
VLAI?
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.
Severity ?
8.8 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Nguyen Hoang Thach - Security Researcher at VNPT ISC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-992/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TL-WR841N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "0.9.1 4.16 v007c.0 Build 180613 Rel.42415n"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nguyen Hoang Thach - Security Researcher at VNPT ISC"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-07T23:05:23.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-992/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2019-17147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TL-WR841N",
"version": {
"version_data": [
{
"version_value": "0.9.1 4.16 v007c.0 Build 180613 Rel.42415n"
}
]
}
}
]
},
"vendor_name": "TP-Link"
}
]
}
},
"credit": "Nguyen Hoang Thach - Security Researcher at VNPT ISC",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-992/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-992/"
},
{
"name": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware",
"refsource": "MISC",
"url": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2019-17147",
"datePublished": "2020-01-07T23:05:23.000Z",
"dateReserved": "2019-10-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:17.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}