Tp-Link Ac1750 Firmware vulnerabilities
13 known vulnerabilities affecting tp-link/ac1750_firmware.
Total CVEs
13
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH7
Vulnerabilities
Page 1 of 1
CVE-2020-28347P1CRITICALCVSS 9.8PoCfixed in 2010292020-11-08
CVE-2020-28347 [CRITICAL] CVE-2020-28347: tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbit
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
nvd
CVE-2020-10882P2HIGHCVSS 8.8PoCv1907262020-03-25
CVE-2020-10882 [HIGH] CWE-78 CVE-2020-10882: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac par
nvd
CVE-2020-10884P2HIGHCVSS 8.8PoCv1907262020-03-25
CVE-2020-10884 [HIGH] CWE-321 CVE-2020-10884: This vulnerability allows network-adjacent attackers execute arbitrary code on affected installation
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use
nvd
CVE-2020-10883P3HIGHCVSS 7.8PoCv1907262020-03-25
CVE-2020-10883 [HIGH] CWE-732 CVE-2020-10883: This vulnerability allows local attackers to escalate privileges on affected installations of TP-Lin
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the
nvd
CVE-2020-10881P2CRITICALCVSS 9.8v1907262020-03-25
CVE-2020-10881 [CRITICAL] CWE-121 CVE-2020-10881: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-
nvd
CVE-2020-10885P2CRITICALCVSS 9.8v1907262020-03-25
CVE-2020-10885 [CRITICAL] CWE-20 CVE-2020-10885: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses pri
nvd
CVE-2020-10886P2CRITICALCVSS 9.8v1907262020-03-25
CVE-2020-10886 [CRITICAL] CWE-78 CVE-2020-10886: This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper valid
nvd
CVE-2020-10888P2CRITICALCVSS 9.8v1907262020-03-25
CVE-2020-10888 [CRITICAL] CWE-287 CVE-2020-10888: This vulnerability allows remote attackers to bypass authentication on affected installations of TP-
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of p
nvd
CVE-2020-10887P2CRITICALCVSS 9.8v1907262020-03-25
CVE-2020-10887 [CRITICAL] CWE-693 CVE-2020-10887: This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can l
nvd
CVE-2022-24354P3HIGHCVSS 8.8fixed in 2112102022-02-18
CVE-2022-24354 [HIGH] CWE-190 CVE-2022-24354: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of use
nvd
CVE-2022-24352P3HIGHCVSS 8.8fixed in 2112102023-03-28
CVE-2022-24352 [HIGH] CWE-125 CVE-2022-24352: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which
nvd
CVE-2022-24353P3HIGHCVSS 8.8fixed in 2112102023-03-28
CVE-2022-24353 [HIGH] CWE-125 CVE-2022-24353: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplie
nvd
CVE-2021-27246P3HIGHCVSS 8.0v1.0.152021-04-14
CVE-2021-27246 [HIGH] CWE-121 CVE-2021-27246: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the
nvd