Tl\-Er5120g_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Tl\-Er5120g_firmware
(Tp\-Link)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	7

Date	Id	Summary	Products	Score	Patch	Annotated
2023-09-20	CVE-2023-43137	TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.	Tl\-Er5120g_firmware	8.8
2023-09-20	CVE-2023-43138	TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.	Tl\-Er5120g_firmware	8.8
2023-09-20	CVE-2023-43135	There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.	Tl\-Er5120g_firmware	9.8
2017-11-27	CVE-2017-16960	TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.	Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g, Tl\-Er5520g, Tl\-Er6110g_firmware, Tl\-Er6120g, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g, Tl\-R4299g, Tl\-R473, Tl\-R473g_firmware, Tl\-R473gp\-Ac_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478, Tl\-R478\+, Tl\-R478g\+, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483, Tl\-R483g, Tl\-R488, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr2600l_firmware, Tl\-Wvr300, Tl\-Wvr302, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g, Tl\-Wvr900l_firmware	8.8
2017-11-27	CVE-2017-16958	TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.	Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware	8.8
2017-11-27	CVE-2017-16957	TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.	Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware	8.8
2017-11-27	CVE-2017-16959	The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.	Tl\-Er3210g_firmware, Tl\-Er3220g_firmware, Tl\-Er5110g_firmware, Tl\-Er5120g_firmware, Tl\-Er5510g_firmware, Tl\-Er5520g_firmware, Tl\-Er6110g_firmware, Tl\-Er6120g_firmware, Tl\-Er6220g_firmware, Tl\-Er6510g_firmware, Tl\-Er6520g_firmware, Tl\-Er7520g_firmware, Tl\-R4149g_firmware, Tl\-R4239g_firmware, Tl\-R4299g_firmware, Tl\-R473_firmware, Tl\-R473g_firmware, Tl\-R473p\-Ac_firmware, Tl\-R478\+_firmware, Tl\-R478_firmware, Tl\-R478g\+_firmware, Tl\-R478g_firmware, Tl\-R479gp\-Ac_firmware, Tl\-R479gpe\-Ac_firmware, Tl\-R479p\-Ac_firmware, Tl\-R483_firmware, Tl\-R483g_firmware, Tl\-R488_firmware, Tl\-War1200l_firmware, Tl\-War1300l_firmware, Tl\-War1750l_firmware, Tl\-War2600l_firmware, Tl\-War302_firmware, Tl\-War450_firmware, Tl\-War450l_firmware, Tl\-War458_firmware, Tl\-War458l_firmware, Tl\-War900l_firmware, Tl\-Wvr1200l_firmware, Tl\-Wvr1300g_firmware, Tl\-Wvr1300l_firmware, Tl\-Wvr1750l_firmware, Tl\-Wvr300_firmware, Tl\-Wvr302_firmware, Tl\-Wvr4300l_firmware, Tl\-Wvr450_firmware, Tl\-Wvr450g_firmware, Tl\-Wvr450l_firmware, Tl\-Wvr458_firmware, Tl\-Wvr458l_firmware, Tl\-Wvr458p_firmware, Tl\-Wvr900g_firmware, Tl\-Wvr900l_firmware	6.5