EUVD-2019-7025

Malware in sbrugna...

TP-Link TL-WPA4220 Arbitrary OS Command Execution Vulnerability

The TP-Link TL-WPA4220 is a 300Mbps AV600 Wi-Fi powerline extender. An arbitrary OS command execution vulnerability exists in httpd in the TP-Link TL-WPA4220. A remote authenticated user can exploit this vulnerability to execute arbitrary OS commands by sending a specially crafted POST request to...

TP-Link TL-WPA4220 操作系统命令注入漏洞

The TP-Link TL-WPA4220 is a 300Mbps AV600 Wi-Fi powerline extender. An arbitrary OS command execution vulnerability exists in httpd in the TP-Link TL-WPA4220. A remote authenticated user can exploit this vulnerability to execute arbitrary OS commands by sending a specially crafted POST request to...

Tenda PA6 Wi-Fi Powerline extender denial of service vulnerability

Tenda PA6 Wi-Fi Powerline extender is a wireless network range extender from Tenda China. A security vulnerability exists in the 'homeplugd' process in the Tenda PA6 Wi-Fi Powerline extender version 1.0.1.21. An attacker can exploit the vulnerability by sending specially crafted UDP packets to...

Tenda PA6 Wi-Fi Powerline extender buffer overflow vulnerability

Tenda PA6 Wi-Fi Powerline extender is a wireless network range extender from Tenda China. A buffer overflow vulnerability exists in the 'Wireless' section of the Web-UI in the Tenda PA6 Wi-Fi Powerline extender version 1.0.1.21. An attacker could exploit this vulnerability to execute arbitrary co...

CVE-2019-19506

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot...

CVE-2019-19505

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or...

CVE-2019-19506

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot...

Code injection

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system wi...

CVE-2019-19505

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or...

CVE-2019-19506

Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot...

CVE-2019-19506

The CVE-2019-19506 entry concerns the Tenda PA6 Wi‑Fi Powerline extender (version 1.0.1.21). The vulnerability resides in the homeplugd process and is triggered by sending a specially crafted UDP packet to cause a reboot (pre-auth Denial of Service). ThreatPost reports the device exposes a web UI...

CVE-2019-16213

CVE-2019-16213—Tenda PA6 Powerline extender is affected. The web server in firmware 1.0.1.21 allows an authenticated user to inject commands by changing the name of an attached PLC device, because the input is concatenated to a system command without validation, yielding root-level code execution...