All the vulnerabilites related to TP-LINK - TL-WR902AC
cve-2022-25074
Vulnerability from cvelistv5
Published
2022-02-22 22:44
Modified
2024-08-03 04:29
Severity ?
Summary
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
References
https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902ACx_refsource_MISC
Impacted products
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:29:01.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-22T22:44:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-25074",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC",
              "refsource": "MISC",
              "url": "https://github.com/EPhaha/IOT_vuln/tree/main/TP-Link/TL-WR902AC"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-25074",
    "datePublished": "2022-02-22T22:44:06",
    "dateReserved": "2022-02-14T00:00:00",
    "dateUpdated": "2024-08-03T04:29:01.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-50225
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-09-18 18:30
Severity ?
6.8 (Medium) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability
References
https://www.zerodayinitiative.com/advisories/ZDI-23-1809/x_research-advisory
https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmwarevendor-advisory
Impacted products
TP-LinkTL-WR902AC
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tl-wr902ac_firmware",
            "vendor": "tp-link",
            "versions": [
              {
                "lessThan": "TL-WR902AC(US)_V3_220804",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50225",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T14:35:40.425134Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:18:03.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:09:49.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1809",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "TL-WR902AC",
          "vendor": "TP-Link",
          "versions": [
            {
              "status": "affected",
              "version": "0.9.1 0.3 v008a.0 Build 211025 Rel.76009n(5553)"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-05T13:37:59.702-06:00",
      "datePublic": "2023-12-19T10:13:58.602-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n. Was ZDI-CAN-21819."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T18:30:35.503Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1809",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1809/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.tp-link.com/ca/support/download/tl-wr902ac/v3/#Firmware"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Nicholas Zubrisky and Peter Girnus  of Trend Micro Zero Day Initiative"
      },
      "title": "TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-50225",
    "datePublished": "2024-05-03T02:14:43.626Z",
    "dateReserved": "2023-12-05T16:15:17.543Z",
    "dateUpdated": "2024-09-18T18:30:35.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-48194
Vulnerability from cvelistv5
Published
2022-12-30 00:00
Modified
2025-04-10 18:48
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.
References
https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits
http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html
Impacted products
n/an/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:10:57.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-48194",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-10T18:44:15.244363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-10T18:48:52.744Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-03T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/otsmr/internet-of-vulnerable-things/tree/main/exploits"
        },
        {
          "url": "http://packetstormsecurity.com/files/171623/TP-Link-TL-WR902AC-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-48194",
    "datePublished": "2022-12-30T00:00:00.000Z",
    "dateReserved": "2022-12-30T00:00:00.000Z",
    "dateUpdated": "2025-04-10T18:48:52.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44447
Vulnerability from cvelistv5
Published
2024-05-03 02:14
Modified
2024-08-02 20:07
Severity ?
6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability
References
https://www.zerodayinitiative.com/advisories/ZDI-23-1623/x_research-advisory
Impacted products
TP-LinkTL-WR902AC
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tl-wr902ac_firmware",
            "vendor": "tp-link",
            "versions": [
              {
                "status": "affected",
                "version": "1.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44447",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T20:24:43.431700Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:19:35.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:33.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1623",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "TL-WR902AC",
          "vendor": "TP-Link",
          "versions": [
            {
              "status": "affected",
              "version": "TL-WR902AC(EU)_V1_170628"
            }
          ]
        }
      ],
      "dateAssigned": "2023-09-28T13:14:48.359-05:00",
      "datePublic": "2023-11-14T15:52:02.996-06:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290: Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T02:14:09.524Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1623",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1623/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Aleksandar Djurdjevic \u0027revengsmK\u0027"
      },
      "title": "TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-44447",
    "datePublished": "2024-05-03T02:14:09.524Z",
    "dateReserved": "2023-09-28T18:02:49.776Z",
    "dateUpdated": "2024-08-02T20:07:33.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36489
Vulnerability from cvelistv5
Published
2023-09-06 09:35
Modified
2024-09-26 20:03
Severity ?
Summary
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
References
https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware
https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware
https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware
https://jvn.jp/en/vu/JVNVU99392903/
Impacted products
TP-LINKTL-WR802N
TP-LINKTL-WR841N
TP-LINKTL-WR902AC
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:56.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU99392903/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:tp-link:tl-wr802n_firmware:221008:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tl-wr802n_firmware",
            "vendor": "tp-link",
            "versions": [
              {
                "lessThan": "v4_221008",
                "status": "affected",
                "version": "221008",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:tp-link:tl-wr841n_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tl-wr841n_firmware",
            "vendor": "tp-link",
            "versions": [
              {
                "lessThan": "v14_230506",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:tp-link:tl-wr902ac_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tl-wr902ac_firmware",
            "vendor": "tp-link",
            "versions": [
              {
                "lessThan": "v3_230506",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:59:52.304215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:03:19.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TL-WR802N",
          "vendor": "TP-LINK",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027"
            }
          ]
        },
        {
          "product": "TL-WR841N",
          "vendor": "TP-LINK",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027"
            }
          ]
        },
        {
          "product": "TL-WR902AC",
          "vendor": "TP-LINK",
          "versions": [
            {
              "status": "affected",
              "version": "firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to \u0027TL-WR802N(JP)_V4_221008\u0027, TL-WR841N firmware versions prior to \u0027TL-WR841N(JP)_V14_230506\u0027, and TL-WR902AC firmware versions prior to \u0027TL-WR902AC(JP)_V3_230506\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T09:35:41.575Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware"
        },
        {
          "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware"
        },
        {
          "url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU99392903/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-36489",
    "datePublished": "2023-09-06T09:35:41.575Z",
    "dateReserved": "2023-08-15T07:33:33.018Z",
    "dateUpdated": "2024-09-26T20:03:19.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}