EXODUS BLOG

Day: June 23, 2022

TP-Link WA850RE Unauthenticated Configuration Disclosure Vulnerability

JUNE 23, 2022

EIP-9098806c A vulnerability exists within the httpd server of the TP-Link WA850RE Universal Wi-Fi Range Extender that allows remote unauthenticated attackers to download the configuration file. Retrieval of this file results in the exposure...

TP-Link WA850RE Remote Command Injection Vulnerability

JUNE 23, 2022

EIP-7758d2d4 A vulnerability exists within the httpd server of the TP-Link WA850RE Universal Wi-Fi Range Extender that allows authenticated attackers to inject arbitrary commands as arguments to an execve() call due to a lack...

TP-Link WR940N/WR941ND Uninitialized Pointer Vulnerability

JUNE 23, 2022

EIP-9ad27c94 An uninitialized pointer vulnerability exists within TP-Link’s WR940N and WR941ND SOHO router devices specifically during the processing of UPnP/SOAP SUBSCRIBE requests. Successful exploitation allow local unauthenticated attackers the ability to execute arbitrary code...