Tp-Link Tl-Wr902Ac Firmware vulnerabilities
5 known vulnerabilities affecting tp-link/tl-wr902ac_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-48194P2HIGHCVSS 8.8PoC≤ 3.0.9.12022-12-30
CVE-2022-48194 [HIGH] CWE-434 CVE-2022-48194: TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrar
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
nvd
CVE-2022-25074P2CRITICALCVSS 9.8v1912092022-02-24
CVE-2022-25074 [CRITICAL] CWE-787 CVE-2022-25074: TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
nvd
CVE-2023-36489P3HIGHCVSS 8.8fixed in 2305062023-09-06
CVE-2023-36489 [HIGH] CWE-78 CVE-2023-36489: Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
nvd
CVE-2023-50225P3MEDIUMCVSS 6.8v0.9.1_0.3_v008a.02024-05-03
CVE-2023-50225 [MEDIUM] CWE-121 CVE-2023-50225: TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability.
TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the libcmm.so module. The
nvd
CVE-2023-44447P3MEDIUMCVSS 6.5v231025v2310272024-05-03
CVE-2023-44447 [MEDIUM] CWE-290 CVE-2023-44447: TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulner
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, whic
nvd