Search criteria
6 vulnerabilities found for TL-WR902AC by TP-LINK
CVE-2023-50225 (GCVE-0-2023-50225)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-09-18 18:30
VLAI?
Summary
TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-21819.
Severity ?
6.8 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | TL-WR902AC |
Affected:
0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr902ac_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "TL-WR902AC(US)_V3_220804",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T14:35:40.425134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:03.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1809",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TL-WR902AC",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.702-06:00",
"datePublic": "2023-12-19T10:13:58.602-06:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-21819."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:30:35.503Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1809",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky and Peter Girnus of Trend Micro Zero Day Initiative"
},
"title": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50225",
"datePublished": "2024-05-03T02:14:43.626Z",
"dateReserved": "2023-12-05T16:15:17.543Z",
"dateUpdated": "2024-09-18T18:30:35.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44447 (GCVE-0-2023-44447)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 20:07
VLAI?
Summary
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529.
Severity ?
6.5 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | TL-WR902AC |
Affected:
TL-WR902AC(EU)_V1_170628
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr902ac_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:24:43.431700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:35.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1623",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TL-WR902AC",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "TL-WR902AC(EU)_V1_170628"
}
]
}
],
"dateAssigned": "2023-09-28T13:14:48.359-05:00",
"datePublic": "2023-11-14T15:52:02.996-06:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:09.524Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1623",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
}
],
"source": {
"lang": "en",
"value": "Aleksandar Djurdjevic \u0027revengsmK\u0027"
},
"title": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-44447",
"datePublished": "2024-05-03T02:14:09.524Z",
"dateReserved": "2023-09-28T18:02:49.776Z",
"dateUpdated": "2024-08-02T20:07:33.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36489 (GCVE-0-2023-36489)
Vulnerability from cvelistv5 – Published: 2023-09-06 09:35 – Updated: 2024-09-26 20:03
VLAI?
Summary
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr802n_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v4_221008",
"status": "affected",
"version": "221008",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr841n_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v14_230506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr902ac_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v3_230506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:59:52.304215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:03:19.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-WR802N",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027"
}
]
},
{
"product": "TL-WR841N",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027"
}
]
},
{
"product": "TL-WR902AC",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027, TL-WR841N firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027, and TL-WR902AC firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T09:35:41.575Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
},
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
},
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-36489",
"datePublished": "2023-09-06T09:35:41.575Z",
"dateReserved": "2023-08-15T07:33:33.018Z",
"dateUpdated": "2024-09-26T20:03:19.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50225 (GCVE-0-2023-50225)
Vulnerability from nvd – Published: 2024-05-03 02:14 – Updated: 2024-09-18 18:30
VLAI?
Summary
TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-21819.
Severity ?
6.8 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | TL-WR902AC |
Affected:
0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr902ac_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "TL-WR902AC(US)_V3_220804",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-03T14:35:40.425134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:03.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:49.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1809",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TL-WR902AC",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)"
}
]
}
],
"dateAssigned": "2023-12-05T13:37:59.702-06:00",
"datePublic": "2023-12-19T10:13:58.602-06:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-21819."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:30:35.503Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1809",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky and Peter Girnus of Trend Micro Zero Day Initiative"
},
"title": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-50225",
"datePublished": "2024-05-03T02:14:43.626Z",
"dateReserved": "2023-12-05T16:15:17.543Z",
"dateUpdated": "2024-09-18T18:30:35.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44447 (GCVE-0-2023-44447)
Vulnerability from nvd – Published: 2024-05-03 02:14 – Updated: 2024-08-02 20:07
VLAI?
Summary
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529.
Severity ?
6.5 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link | TL-WR902AC |
Affected:
TL-WR902AC(EU)_V1_170628
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr902ac_firmware",
"vendor": "tp-link",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44447",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T20:24:43.431700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:35.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:07:33.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1623",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TL-WR902AC",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "TL-WR902AC(EU)_V1_170628"
}
]
}
],
"dateAssigned": "2023-09-28T13:14:48.359-05:00",
"datePublic": "2023-11-14T15:52:02.996-06:00",
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:14:09.524Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1623",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
}
],
"source": {
"lang": "en",
"value": "Aleksandar Djurdjevic \u0027revengsmK\u0027"
},
"title": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-44447",
"datePublished": "2024-05-03T02:14:09.524Z",
"dateReserved": "2023-09-28T18:02:49.776Z",
"dateUpdated": "2024-08-02T20:07:33.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36489 (GCVE-0-2023-36489)
Vulnerability from nvd – Published: 2023-09-06 09:35 – Updated: 2024-09-26 20:03
VLAI?
Summary
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:56.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr802n_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v4_221008",
"status": "affected",
"version": "221008",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr841n_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v14_230506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tl-wr902ac_firmware",
"vendor": "tp-link",
"versions": [
{
"lessThan": "v3_230506",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:59:52.304215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T20:03:19.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-WR802N",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027"
}
]
},
{
"product": "TL-WR841N",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027"
}
]
},
{
"product": "TL-WR902AC",
"vendor": "TP-LINK",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027, TL-WR841N firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027, and TL-WR902AC firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T09:35:41.575Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
},
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
},
{
"url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99392903/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-36489",
"datePublished": "2023-09-06T09:35:41.575Z",
"dateReserved": "2023-08-15T07:33:33.018Z",
"dateUpdated": "2024-09-26T20:03:19.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}