Luis Jacome Valencia - Security Researcher - Exploit Intelligence Platform

CVE-2022-25064 NOMISEC CRITICAL WORKING POC

TP-LINK TL-WR840N(ES)_V6.20_180709 - Remote Code Execution via oal_wan6_setIpAddr Function

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

21 stars

CVSS 9.8

View Code

CVE-2022-29337 NOMISEC CRITICAL WORKING POC

C-DATA FD702XW-X-R430 v2.1.13_X001 - Command Injection

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.

3 stars

CVSS 9.8

View Code

CVE-2022-25061 NOMISEC CRITICAL WORKING POC

TP-LINK TL-WR840N(ES)_V6.20_180709 - OS Command Injection via oal_setIp6DefaultRoute

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

2 stars

CVSS 9.8

View Code

CVE-2022-25060 NOMISEC CRITICAL WORKING POC

TP-LINK TL-WR840N(ES)_V6.20_180709 - OS Command Injection via oal_startPing

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

CVSS 9.8

View Code

CVE-2022-25062 NOMISEC HIGH WORKING POC

TP-LINK TL-WR840N(ES)_V6.20_180709 - Denial of Service via Integer Overflow in dm_checkString

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS 7.5

View Code

CVE-2022-25064 NOMISEC CRITICAL WORKING POC

TP-LINK TL-WR840N(ES)_V6.20_180709 - Remote Code Execution via oal_wan6_setIpAddr Function

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

CVSS 9.8

View Code