lbp

20 exploits Active since Sep 2018
CVE-2018-17004 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Long JSON Data for WLAN Access Name
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.
CVSS 6.5
CVE-2018-17005 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Firewall DMZ Enable JSON Data
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable.
CVSS 6.5
CVE-2018-17006 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Firewall LAN Manage MAC2 JSON Data
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2.
CVSS 6.5
CVE-2018-17007 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Wireless WDS SSID JSON Data
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid.
CVSS 6.5
CVE-2018-17008 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Wireless WLAN Host Power JSON Data
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power.
CVSS 6.5
CVE-2018-17009 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4/7.0 1.1.0 - DoS via Long JSON Data in WLAN Host Isolation
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.
CVSS 6.5
CVE-2018-17010 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Wireless Bandwidth JSON Data
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth.
CVSS 6.5
CVE-2018-17011 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Long JSON Data in hosts_info Parameter
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun.
CVSS 6.5
CVE-2018-17012 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4/7.0 1.1.0 DoS via Long JSON in hosts_info
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.
CVSS 6.5
CVE-2018-17013 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Long JSON Data for WAN Rate Protocol
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.
CVSS 6.5
CVE-2018-17014 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Long JSON Data in ip_mac_bind Name
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name.
CVSS 6.5
CVE-2018-17015 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via DDNS phddns Username
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.
CVSS 6.5
CVE-2018-17016 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Long JSON Data for Reboot Timer
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.
CVSS 6.5
CVE-2018-17017 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Long JSON Data for DHCPD UDHCPD Enable
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.
CVSS 6.5
CVE-2018-17018 WRITEUP MEDIUM WORKING POC
TP-Link TL-WR886N 6.0 2.3.4 and 7.0 1.1.0 - Authenticated Denial of Service via Long JSON Time Switch Name
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name.
CVSS 6.5
CVE-2018-19528 WRITEUP CRITICAL WRITEUP
TP-Link TL-WR886N 7.0 1.1.0 - Denial of Service via Crafted DNS Packets
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
CVSS 9.8
CVE-2019-10039 WRITEUP CRITICAL WORKING POC
D-Link DIR-816 A2 1.11 - Auth Bypass
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/setSysAdm to edit the web or system account without authentication.
CVSS 9.8
CVE-2019-10040 WRITEUP CRITICAL WORKING POC
D-Link DIR-816 A2 - Command Injection
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use a hidden API URL /goform/SystemCommand to execute a system command without authentication.
CVSS 9.8
CVE-2019-10041 WRITEUP CRITICAL WORKING POC
D-Link DIR-816 A2 1.11 - Auth Bypass
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/form2userconfig.cgi to edit the system account without authentication.
CVSS 9.8
CVE-2019-10042 WRITEUP HIGH WORKING POC
D-Link DIR-816 A2 1.11 - Unauthenticated Router Reset via LoadDefaultSettings API
The D-Link DIR-816 A2 1.11 router only checks the random token when authorizing a goform request. An attacker can get this token from dir_login.asp and use an API URL /goform/LoadDefaultSettings to reset the router without authentication.
CVSS 7.5