Tp-Link: >> Tl-Wr840n >> 6.20 Security Vulnerabilities
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-05-03
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVSS Score
6.8
EPSS Score
0.002
Published
2022-05-25
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-04-18
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28