tp-link TL-WR841N Security Vulnerabilities

3 Vulnerabilities

Description
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2020-35576, Last Modified: 2021-01-26T18:15:00Z References Advisory Modemly Security Checklist TP-Link-TL-WR841N-router-setup
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2020-8423, Last Modified: 2020-04-02T17:34:00Z References Advisory Modemly Security Checklist TP-Link-TL-WR841N-router-setup
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457. Impacted versions: - Base Score: 0.0, Severity: NA, ID: CVE-2019-17147, Last Modified: 2020-01-08T00:15:00Z References Advisory Modemly Security Checklist TP-Link-TL-WR841N-router-setup

Description

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-35576, Last Modified: 2021-01-26T18:15:00Z

References

Advisory

Modemly Security Checklist

TP-Link-TL-WR841N-router-setup

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2020-8423, Last Modified: 2020-04-02T17:34:00Z

References

Advisory

Modemly Security Checklist

TP-Link-TL-WR841N-router-setup

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.

Impacted versions: -

Base Score: 0.0, Severity: NA, ID: CVE-2019-17147, Last Modified: 2020-01-08T00:15:00Z

References

Advisory

Modemly Security Checklist

TP-Link-TL-WR841N-router-setup

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.