Shodan
Vulnerabilities
Vulnerable Software
Tp-Link:  Security Vulnerabilities
CVE-2017-11519
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
CVSS Score
9.8
EPSS Score
0.132
Published
2017-07-21
CVE-2017-10796
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-07-02
CVE-2017-9466
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-06-26
CVE-2017-8217
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.
CVSS Score
5.3
EPSS Score
0.002
Published
2017-04-25
CVE-2017-8218
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-04-25
CVE-2017-8219
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-04-25
CVE-2017-8220
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
CVSS Score
9.9
EPSS Score
0.119
Published
2017-04-25
CVE-2017-8074
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-04-23
CVE-2017-8075
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
9.8
EPSS Score
0.019
Published
2017-04-23
CVE-2017-8076
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-04-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved