Tp-Link: >> Tl-Wdr4300 Firmware >> 1.6 Security Vulnerabilities
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
CVSS Score
8.8
EPSS Score
0.249
Published
2019-01-18
Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-09-30
The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request.
CVSS Score
5.0
EPSS Score
0.013
Published
2014-09-30