tp-link CVE Vulnerabilities & Metrics

Focus on tp-link vulnerabilities and metrics.

Last updated: 08 May 2025, 22:25 UTC

About tp-link Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with tp-link. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total tp-link CVEs: 323
Earliest CVE date: 28 Apr 2012, 00:55 UTC
Latest CVE date: 16 Apr 2025, 20:15 UTC

Latest CVE reference: CVE-2025-29653

Rolling Stats

30-day Count (Rolling): 6
365-day Count (Rolling): 15

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -79.45%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -79.45%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical tp-link CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.63

Max CVSS: 10.0

Critical CVEs (≥9): 79

CVSS Range vs. Count

Range Count
0.0-3.9 128
4.0-6.9 89
7.0-8.9 41
9.0-10.0 79

CVSS Distribution Chart

Top 5 Highest CVSS tp-link CVEs

These are the five CVEs with the highest CVSS scores for tp-link, sorted by severity first and recency.

All CVEs for tp-link

CVE-2025-29653 tp-link vulnerability CVSS: 0 16 Apr 2025, 20:15 UTC

SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.

CVE-2025-29652 tp-link vulnerability CVSS: 0 16 Apr 2025, 20:15 UTC

SQL Injection vulnerability exists in the TP-Link M7000 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

CVE-2025-29651 tp-link vulnerability CVSS: 0 16 Apr 2025, 20:15 UTC

SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

CVE-2025-29650 tp-link vulnerability CVSS: 0 16 Apr 2025, 20:15 UTC

SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

CVE-2025-29649 tp-link vulnerability CVSS: 0 16 Apr 2025, 20:15 UTC

SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

CVE-2025-29648 tp-link vulnerability CVSS: 0 16 Apr 2025, 20:15 UTC

SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

CVE-2024-57040 tp-link vulnerability CVSS: 0 26 Feb 2025, 22:15 UTC

TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router.

CVE-2025-25901 tp-link vulnerability CVSS: 0 13 Feb 2025, 16:16 UTC

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVE-2025-25898 tp-link vulnerability CVSS: 0 13 Feb 2025, 16:16 UTC

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVE-2025-25897 tp-link vulnerability CVSS: 0 13 Feb 2025, 16:16 UTC

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVE-2024-12344 tp-link vulnerability CVSS: 6.5 08 Dec 2024, 23:15 UTC

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-12343 tp-link vulnerability CVSS: 6.1 08 Dec 2024, 10:15 UTC

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.

CVE-2024-11237 tp-link vulnerability CVSS: 7.8 15 Nov 2024, 12:15 UTC

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-10523 tp-link vulnerability CVSS: 0 04 Nov 2024, 12:16 UTC

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

CVE-2024-22733 tp-link vulnerability CVSS: 0 01 Nov 2024, 16:15 UTC

TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker.

CVE-2023-43318 tp-link vulnerability CVSS: 0 06 Mar 2024, 00:15 UTC

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.

CVE-2023-47618 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-47617 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-47209 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-47167 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-46683 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-43482 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-42664 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVE-2023-36498 tp-link vulnerability CVSS: 0 06 Feb 2024, 17:15 UTC

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.

CVE-2023-49515 tp-link vulnerability CVSS: 0 17 Jan 2024, 02:15 UTC

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.

CVE-2024-21833 tp-link vulnerability CVSS: 0 11 Jan 2024, 00:15 UTC

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

CVE-2024-21821 tp-link vulnerability CVSS: 0 11 Jan 2024, 00:15 UTC

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.

CVE-2024-21773 tp-link vulnerability CVSS: 0 11 Jan 2024, 00:15 UTC

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

CVE-2023-27098 tp-link vulnerability CVSS: 0 09 Jan 2024, 02:15 UTC

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.

CVE-2023-34829 tp-link vulnerability CVSS: 0 28 Dec 2023, 03:15 UTC

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.

CVE-2023-39610 tp-link vulnerability CVSS: 0 31 Oct 2023, 21:15 UTC

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.

CVE-2023-46539 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.

CVE-2023-46538 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.

CVE-2023-46537 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.

CVE-2023-46536 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.

CVE-2023-46535 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.

CVE-2023-46534 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.

CVE-2023-46527 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle.

CVE-2023-46526 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.

CVE-2023-46525 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.

CVE-2023-46523 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.

CVE-2023-46522 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.

CVE-2023-46521 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.

CVE-2023-46520 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.

CVE-2023-46373 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.

CVE-2023-46371 tp-link vulnerability CVSS: 0 25 Oct 2023, 18:17 UTC

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.

CVE-2023-42189 tp-link vulnerability CVSS: 0 10 Oct 2023, 03:15 UTC

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

CVE-2023-38907 tp-link vulnerability CVSS: 0 25 Sep 2023, 23:15 UTC

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.

CVE-2023-43135 tp-link vulnerability CVSS: 0 20 Sep 2023, 22:15 UTC

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

CVE-2023-43138 tp-link vulnerability CVSS: 0 20 Sep 2023, 20:15 UTC

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.

CVE-2023-43137 tp-link vulnerability CVSS: 0 20 Sep 2023, 20:15 UTC

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.

CVE-2023-40531 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVE-2023-40357 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

CVE-2023-39224 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.

CVE-2023-38568 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

CVE-2023-38563 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

CVE-2023-37284 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.

CVE-2023-36489 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.

CVE-2023-32619 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.

CVE-2023-31188 tp-link vulnerability CVSS: 0 06 Sep 2023, 10:15 UTC

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.

CVE-2023-38909 tp-link vulnerability CVSS: 0 22 Aug 2023, 01:15 UTC

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.

CVE-2023-38908 tp-link vulnerability CVSS: 0 22 Aug 2023, 01:15 UTC

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.

CVE-2023-38906 tp-link vulnerability CVSS: 0 22 Aug 2023, 00:15 UTC

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.

CVE-2023-39751 tp-link vulnerability CVSS: 0 21 Aug 2023, 03:15 UTC

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

CVE-2023-39748 tp-link vulnerability CVSS: 0 21 Aug 2023, 03:15 UTC

An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-39747 tp-link vulnerability CVSS: 0 21 Aug 2023, 03:15 UTC

TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm.

CVE-2023-39745 tp-link vulnerability CVSS: 0 21 Aug 2023, 03:15 UTC

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-31710 tp-link vulnerability CVSS: 0 01 Aug 2023, 14:15 UTC

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.

CVE-2023-30383 tp-link vulnerability CVSS: 0 18 Jul 2023, 19:15 UTC

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

CVE-2023-36359 tp-link vulnerability CVSS: 0 22 Jun 2023, 20:15 UTC

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-36358 tp-link vulnerability CVSS: 0 22 Jun 2023, 20:15 UTC

TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-36357 tp-link vulnerability CVSS: 0 22 Jun 2023, 20:15 UTC

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-36356 tp-link vulnerability CVSS: 0 22 Jun 2023, 20:15 UTC

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-36355 tp-link vulnerability CVSS: 0 22 Jun 2023, 20:15 UTC

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-36354 tp-link vulnerability CVSS: 0 22 Jun 2023, 20:15 UTC

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-34832 tp-link vulnerability CVSS: 0 16 Jun 2023, 18:15 UTC

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.

CVE-2023-29562 tp-link vulnerability CVSS: 0 13 Jun 2023, 20:15 UTC

TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.

CVE-2023-27836 tp-link vulnerability CVSS: 0 13 Jun 2023, 19:15 UTC

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.

CVE-2023-27837 tp-link vulnerability CVSS: 0 13 Jun 2023, 17:15 UTC

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.

CVE-2023-28478 tp-link vulnerability CVSS: 0 12 Jun 2023, 20:15 UTC

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.

CVE-2023-33538 tp-link vulnerability CVSS: 0 07 Jun 2023, 04:15 UTC

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

CVE-2023-33537 tp-link vulnerability CVSS: 0 07 Jun 2023, 04:15 UTC

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.

CVE-2023-33536 tp-link vulnerability CVSS: 0 07 Jun 2023, 04:15 UTC

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.

CVE-2023-27126 tp-link vulnerability CVSS: 0 06 Jun 2023, 18:15 UTC

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.

CVE-2023-31756 tp-link vulnerability CVSS: 0 19 May 2023, 13:15 UTC

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.

CVE-2023-31701 tp-link vulnerability CVSS: 0 17 May 2023, 14:15 UTC

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.

CVE-2023-31700 tp-link vulnerability CVSS: 0 17 May 2023, 14:15 UTC

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.

CVE-2023-2646 tp-link vulnerability CVSS: 5.0 11 May 2023, 08:15 UTC

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2022-37255 tp-link vulnerability CVSS: 0 16 Apr 2023, 02:15 UTC

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.

CVE-2023-28368 tp-link vulnerability CVSS: 0 11 Apr 2023, 09:15 UTC

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

CVE-2022-43636 tp-link vulnerability CVSS: 0 29 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequnce numbers used for session managment. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18334.

CVE-2022-43635 tp-link vulnerability CVSS: 0 29 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332.

CVE-2022-42433 tp-link vulnerability CVSS: 0 29 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.

CVE-2022-24973 tp-link vulnerability CVSS: 0 28 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.

CVE-2022-24972 tp-link vulnerability CVSS: 0 28 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.

CVE-2022-24353 tp-link vulnerability CVSS: 0 28 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-15769.

CVE-2022-24352 tp-link vulnerability CVSS: 0 28 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15773.

CVE-2022-0650 tp-link vulnerability CVSS: 0 28 Mar 2023, 19:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.

CVE-2023-27078 tp-link vulnerability CVSS: 0 23 Mar 2023, 15:15 UTC

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.

CVE-2023-1389 tp-link vulnerability CVSS: 0 15 Mar 2023, 23:15 UTC

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

CVE-2023-23040 tp-link vulnerability CVSS: 0 22 Feb 2023, 17:15 UTC

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.

CVE-2023-0936 tp-link vulnerability CVSS: 6.1 21 Feb 2023, 10:15 UTC

A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552.

CVE-2022-41505 tp-link vulnerability CVSS: 0 23 Jan 2023, 15:15 UTC

An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.

CVE-2021-37774 tp-link vulnerability CVSS: 0 19 Jan 2023, 13:15 UTC

An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.

CVE-2023-22303 tp-link vulnerability CVSS: 0 17 Jan 2023, 10:15 UTC

TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product's settings may be altered with the privilege of the administrator.

CVE-2022-4498 tp-link vulnerability CVSS: 0 11 Jan 2023, 21:15 UTC

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

CVE-2022-4499 tp-link vulnerability CVSS: 0 11 Jan 2023, 19:15 UTC

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.

CVE-2022-48194 tp-link vulnerability CVSS: 0 30 Dec 2022, 07:15 UTC

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

CVE-2022-46912 tp-link vulnerability CVSS: 0 20 Dec 2022, 20:15 UTC

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

CVE-2022-41783 tp-link vulnerability CVSS: 0 07 Dec 2022, 04:15 UTC

tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function.

CVE-2022-4296 tp-link vulnerability CVSS: 0 06 Dec 2022, 10:15 UTC

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812.

CVE-2022-41541 tp-link vulnerability CVSS: 0 18 Oct 2022, 15:15 UTC

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.

CVE-2022-41540 tp-link vulnerability CVSS: 0 18 Oct 2022, 15:15 UTC

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.

CVE-2022-42202 tp-link vulnerability CVSS: 0 18 Oct 2022, 13:15 UTC

TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).

CVE-2022-40486 tp-link vulnerability CVSS: 0 28 Sep 2022, 13:15 UTC

TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.

CVE-2022-37860 tp-link vulnerability CVSS: 0 12 Sep 2022, 18:15 UTC

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.

CVE-2021-42232 tp-link vulnerability CVSS: 0 23 Aug 2022, 01:15 UTC

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router.

CVE-2022-34555 tp-link vulnerability CVSS: 0 28 Jul 2022, 23:15 UTC

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.

CVE-2022-30024 tp-link vulnerability CVSS: 0 14 Jul 2022, 14:15 UTC

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.

CVE-2022-32058 tp-link vulnerability CVSS: 7.8 07 Jul 2022, 19:15 UTC

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVE-2022-33087 tp-link vulnerability CVSS: 7.8 30 Jun 2022, 23:15 UTC

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2022-30075 tp-link vulnerability CVSS: 6.5 09 Jun 2022, 04:15 UTC

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

CVE-2022-29402 tp-link vulnerability CVSS: 7.2 25 May 2022, 18:15 UTC

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.

CVE-2022-26988 tp-link vulnerability CVSS: 7.2 10 May 2022, 15:15 UTC

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.

CVE-2022-26987 tp-link vulnerability CVSS: 7.2 10 May 2022, 15:15 UTC

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.

CVE-2021-46122 tp-link vulnerability CVSS: 9.0 18 Apr 2022, 16:15 UTC

Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.

CVE-2022-26642 tp-link vulnerability CVSS: 6.5 28 Mar 2022, 23:15 UTC

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.

CVE-2022-26641 tp-link vulnerability CVSS: 6.5 28 Mar 2022, 23:15 UTC

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.

CVE-2022-26640 tp-link vulnerability CVSS: 6.5 28 Mar 2022, 23:15 UTC

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.

CVE-2022-26639 tp-link vulnerability CVSS: 6.5 28 Mar 2022, 23:15 UTC

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.

CVE-2021-44632 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVE-2021-44631 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.

CVE-2021-44630 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVE-2021-44629 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVE-2021-44628 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVE-2021-44627 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVE-2021-44626 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVE-2021-44625 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.

CVE-2021-44623 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.

CVE-2021-44622 tp-link vulnerability CVSS: 10.0 10 Mar 2022, 17:44 UTC

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.

CVE-2021-44032 tp-link vulnerability CVSS: 5.0 10 Mar 2022, 17:44 UTC

TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.

CVE-2022-25064 tp-link vulnerability CVSS: 7.5 25 Feb 2022, 20:15 UTC

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

CVE-2022-25062 tp-link vulnerability CVSS: 5.0 25 Feb 2022, 20:15 UTC

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVE-2022-25061 tp-link vulnerability CVSS: 7.5 25 Feb 2022, 20:15 UTC

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

CVE-2022-25060 tp-link vulnerability CVSS: 10.0 25 Feb 2022, 20:15 UTC

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

CVE-2022-25074 tp-link vulnerability CVSS: 10.0 24 Feb 2022, 15:15 UTC

TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

CVE-2022-25073 tp-link vulnerability CVSS: 10.0 24 Feb 2022, 15:15 UTC

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

CVE-2022-25072 tp-link vulnerability CVSS: 10.0 24 Feb 2022, 15:15 UTC

TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

CVE-2022-24355 tp-link vulnerability CVSS: 8.3 18 Feb 2022, 20:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910.

CVE-2022-24354 tp-link vulnerability CVSS: 8.3 18 Feb 2022, 20:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835.

CVE-2022-22922 tp-link vulnerability CVSS: 7.5 18 Feb 2022, 01:15 UTC

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.

CVE-2022-0162 tp-link vulnerability CVSS: 7.5 09 Feb 2022, 23:15 UTC

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.

CVE-2021-44864 tp-link vulnerability CVSS: 4.0 08 Feb 2022, 15:15 UTC

TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter.

CVE-2021-35004 tp-link vulnerability CVSS: 10.0 21 Jan 2022, 16:15 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656.

CVE-2021-35003 tp-link vulnerability CVSS: 10.0 21 Jan 2022, 16:15 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655.

CVE-2021-41451 tp-link vulnerability CVSS: 5.0 17 Dec 2021, 15:15 UTC

A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.

CVE-2021-41450 tp-link vulnerability CVSS: 5.0 08 Dec 2021, 16:15 UTC

An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.

CVE-2021-40288 tp-link vulnerability CVSS: 7.8 07 Dec 2021, 20:15 UTC

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames

CVE-2021-41653 tp-link vulnerability CVSS: 10.0 13 Nov 2021, 15:15 UTC

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

CVE-2021-29280 tp-link vulnerability CVSS: 4.3 19 Aug 2021, 16:15 UTC

In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow

CVE-2021-38543 tp-link vulnerability CVSS: 4.3 11 Aug 2021, 16:15 UTC

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.

CVE-2021-28858 tp-link vulnerability CVSS: 2.1 15 Jun 2021, 22:15 UTC

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.

CVE-2021-28857 tp-link vulnerability CVSS: 5.0 15 Jun 2021, 22:15 UTC

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.

CVE-2021-31659 tp-link vulnerability CVSS: 6.8 10 Jun 2021, 15:15 UTC

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.

CVE-2021-31658 tp-link vulnerability CVSS: 5.8 10 Jun 2021, 15:15 UTC

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

CVE-2020-17891 tp-link vulnerability CVSS: 4.3 14 May 2021, 20:15 UTC

TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code.

CVE-2021-27246 tp-link vulnerability CVSS: 7.9 14 Apr 2021, 16:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306.

CVE-2021-26827 tp-link vulnerability CVSS: 7.8 14 Apr 2021, 14:15 UTC

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router.

CVE-2021-3125 tp-link vulnerability CVSS: 4.3 12 Apr 2021, 19:15 UTC

In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.

CVE-2021-3275 tp-link vulnerability CVSS: 4.3 26 Mar 2021, 13:15 UTC

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization.

CVE-2021-27210 tp-link vulnerability CVSS: 4.0 13 Feb 2021, 01:15 UTC

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.

CVE-2021-27209 tp-link vulnerability CVSS: 3.6 13 Feb 2021, 01:15 UTC

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.

CVE-2020-35576 tp-link vulnerability CVSS: 9.0 26 Jan 2021, 18:15 UTC

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

CVE-2020-36178 tp-link vulnerability CVSS: 10.0 06 Jan 2021, 21:15 UTC

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.

CVE-2020-35575 tp-link vulnerability CVSS: 7.5 26 Dec 2020, 02:15 UTC

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

CVE-2020-5797 tp-link vulnerability CVSS: 3.6 21 Nov 2020, 06:15 UTC

UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.

CVE-2020-28877 tp-link vulnerability CVSS: 7.5 20 Nov 2020, 16:15 UTC

Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.

CVE-2020-28005 tp-link vulnerability CVSS: 3.5 18 Nov 2020, 16:15 UTC

httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023

CVE-2020-24297 tp-link vulnerability CVSS: 9.0 18 Nov 2020, 16:15 UTC

httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023

CVE-2020-28347 tp-link vulnerability CVSS: 10.0 08 Nov 2020, 20:15 UTC

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.

CVE-2020-5795 tp-link vulnerability CVSS: 7.2 06 Nov 2020, 15:15 UTC

UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.

CVE-2020-24363 tp-link vulnerability CVSS: 8.3 31 Aug 2020, 16:15 UTC

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

CVE-2020-14965 tp-link vulnerability CVSS: 3.5 23 Jun 2020, 14:15 UTC

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.

CVE-2020-13224 tp-link vulnerability CVSS: 9.0 17 Jun 2020, 13:15 UTC

TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow

CVE-2020-12695 tp-link vulnerability CVSS: 7.8 08 Jun 2020, 17:15 UTC

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVE-2020-10916 tp-link vulnerability CVSS: 5.2 07 May 2020, 23:15 UTC

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.

CVE-2020-12109 tp-link vulnerability CVSS: 9.0 04 May 2020, 16:15 UTC

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

CVE-2020-12111 tp-link vulnerability CVSS: 9.0 04 May 2020, 15:15 UTC

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

CVE-2020-12475 tp-link vulnerability CVSS: 2.1 04 May 2020, 14:15 UTC

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.

CVE-2020-12110 tp-link vulnerability CVSS: 5.0 04 May 2020, 14:15 UTC

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

CVE-2020-8423 tp-link vulnerability CVSS: 9.0 02 Apr 2020, 17:15 UTC

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

CVE-2020-10231 tp-link vulnerability CVSS: 5.0 01 Apr 2020, 14:15 UTC

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.

CVE-2020-11445 tp-link vulnerability CVSS: 5.0 01 Apr 2020, 04:15 UTC

TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.

CVE-2020-10888 tp-link vulnerability CVSS: 7.5 25 Mar 2020, 21:15 UTC

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664.

CVE-2020-10887 tp-link vulnerability CVSS: 7.5 25 Mar 2020, 21:15 UTC

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663.

CVE-2020-10886 tp-link vulnerability CVSS: 7.5 25 Mar 2020, 21:15 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662.

CVE-2020-10885 tp-link vulnerability CVSS: 7.5 25 Mar 2020, 21:15 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661.

CVE-2020-10884 tp-link vulnerability CVSS: 5.8 25 Mar 2020, 21:15 UTC

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.

CVE-2020-10883 tp-link vulnerability CVSS: 4.6 25 Mar 2020, 21:15 UTC

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.

CVE-2020-10882 tp-link vulnerability CVSS: 8.3 25 Mar 2020, 21:15 UTC

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

CVE-2020-10881 tp-link vulnerability CVSS: 10.0 25 Mar 2020, 21:15 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660.

CVE-2020-9375 tp-link vulnerability CVSS: 7.8 25 Mar 2020, 15:15 UTC

TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.

CVE-2020-9374 tp-link vulnerability CVSS: 7.5 24 Feb 2020, 19:15 UTC

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

CVE-2019-16893 tp-link vulnerability CVSS: 7.8 03 Feb 2020, 17:15 UTC

The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.

CVE-2013-2646 tp-link vulnerability CVSS: 5.0 03 Feb 2020, 17:15 UTC

TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.

CVE-2013-2573 tp-link vulnerability CVSS: 10.0 29 Jan 2020, 19:15 UTC

A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.

CVE-2013-2572 tp-link vulnerability CVSS: 5.0 29 Jan 2020, 19:15 UTC

A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.

CVE-2019-19143 tp-link vulnerability CVSS: 4.1 27 Jan 2020, 19:15 UTC

TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.

CVE-2019-17147 tp-link vulnerability CVSS: 9.3 07 Jan 2020, 23:15 UTC

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.

CVE-2013-4654 tp-link vulnerability CVSS: 10.0 13 Nov 2019, 16:15 UTC

Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..

CVE-2013-4848 tp-link vulnerability CVSS: 9.3 25 Oct 2019, 17:15 UTC

TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.

CVE-2019-13653 tp-link vulnerability CVSS: 10.0 24 Oct 2019, 15:15 UTC

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).

CVE-2019-13652 tp-link vulnerability CVSS: 10.0 24 Oct 2019, 15:15 UTC

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).

CVE-2019-13651 tp-link vulnerability CVSS: 10.0 24 Oct 2019, 15:15 UTC

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).

CVE-2019-13650 tp-link vulnerability CVSS: 10.0 24 Oct 2019, 15:15 UTC

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5).

CVE-2019-13649 tp-link vulnerability CVSS: 10.0 24 Oct 2019, 15:15 UTC

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5).

CVE-2019-13268 tp-link vulnerability CVSS: 5.8 27 Aug 2019, 18:15 UTC

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)

CVE-2019-13267 tp-link vulnerability CVSS: 5.8 27 Aug 2019, 18:15 UTC

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.

CVE-2019-13266 tp-link vulnerability CVSS: 5.8 27 Aug 2019, 18:15 UTC

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.

CVE-2019-15060 tp-link vulnerability CVSS: 6.5 22 Aug 2019, 19:15 UTC

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

CVE-2019-12104 tp-link vulnerability CVSS: 9.0 14 Aug 2019, 21:15 UTC

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.

CVE-2019-12103 tp-link vulnerability CVSS: 10.0 14 Aug 2019, 21:15 UTC

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.

CVE-2019-13614 tp-link vulnerability CVSS: 7.5 17 Jul 2019, 18:15 UTC

CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.

CVE-2019-13613 tp-link vulnerability CVSS: 7.5 17 Jul 2019, 17:15 UTC

CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.

CVE-2018-16119 tp-link vulnerability CVSS: 9.0 20 Jun 2019, 16:15 UTC

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.

CVE-2019-6972 tp-link vulnerability CVSS: 5.0 19 Jun 2019, 15:15 UTC

An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64).

CVE-2019-6971 tp-link vulnerability CVSS: 10.0 19 Jun 2019, 15:15 UTC

An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.

CVE-2019-6989 tp-link vulnerability CVSS: 9.0 06 Jun 2019, 18:29 UTC

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

CVE-2019-12195 tp-link vulnerability CVSS: 3.5 24 May 2019, 16:29 UTC

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

CVE-2016-10719 tp-link vulnerability CVSS: 4.3 15 May 2019, 14:29 UTC

TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.

CVE-2018-18489 tp-link vulnerability CVSS: 6.8 16 Apr 2019, 19:29 UTC

The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.

CVE-2018-15840 tp-link vulnerability CVSS: 5.0 29 Mar 2019, 18:29 UTC

TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.

CVE-2019-6487 tp-link vulnerability CVSS: 6.5 18 Jan 2019, 10:29 UTC

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

CVE-2018-20372 tp-link vulnerability CVSS: 3.5 23 Dec 2018, 02:29 UTC

TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.

CVE-2018-3951 tp-link vulnerability CVSS: 6.5 01 Dec 2018, 06:29 UTC

An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.

CVE-2018-3950 tp-link vulnerability CVSS: 6.5 01 Dec 2018, 04:29 UTC

An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.

CVE-2018-3949 tp-link vulnerability CVSS: 5.0 01 Dec 2018, 03:29 UTC

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.

CVE-2018-3948 tp-link vulnerability CVSS: 5.0 30 Nov 2018, 17:29 UTC

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.

CVE-2018-19537 tp-link vulnerability CVSS: 9.0 26 Nov 2018, 03:29 UTC

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.

CVE-2018-19528 tp-link vulnerability CVSS: 10.0 26 Nov 2018, 02:29 UTC

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.

CVE-2018-18428 tp-link vulnerability CVSS: 5.0 19 Oct 2018, 22:29 UTC

TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.

CVE-2018-15702 tp-link vulnerability CVSS: 6.8 01 Oct 2018, 20:29 UTC

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.

CVE-2018-15701 tp-link vulnerability CVSS: 3.3 01 Oct 2018, 20:29 UTC

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.

CVE-2018-15700 tp-link vulnerability CVSS: 6.1 01 Oct 2018, 20:29 UTC

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.

CVE-2018-5393 tp-link vulnerability CVSS: 10.0 28 Sep 2018, 17:29 UTC

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.

CVE-2018-17018 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name.

CVE-2018-17017 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.

CVE-2018-17016 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.

CVE-2018-17015 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.

CVE-2018-17014 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name.

CVE-2018-17013 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.

CVE-2018-17012 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.

CVE-2018-17011 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun.

CVE-2018-17010 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth.

CVE-2018-17009 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.

CVE-2018-17008 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power.

CVE-2018-17007 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid.

CVE-2018-17006 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2.

CVE-2018-17005 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable.

CVE-2018-17004 tp-link vulnerability CVSS: 4.0 13 Sep 2018, 18:29 UTC

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.

CVE-2018-15172 tp-link vulnerability CVSS: 5.0 15 Aug 2018, 17:29 UTC

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.

CVE-2018-14336 tp-link vulnerability CVSS: 5.0 19 Jul 2018, 20:29 UTC

TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

CVE-2018-13134 tp-link vulnerability CVSS: 4.3 04 Jul 2018, 08:29 UTC

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.

CVE-2018-12577 tp-link vulnerability CVSS: 6.5 02 Jul 2018, 16:29 UTC

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.

CVE-2018-12576 tp-link vulnerability CVSS: 4.3 02 Jul 2018, 16:29 UTC

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

CVE-2018-12575 tp-link vulnerability CVSS: 7.5 02 Jul 2018, 16:29 UTC

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

CVE-2018-12574 tp-link vulnerability CVSS: 6.8 02 Jul 2018, 16:29 UTC

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

CVE-2018-12694 tp-link vulnerability CVSS: 7.8 23 Jun 2018, 21:29 UTC

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.

CVE-2018-12693 tp-link vulnerability CVSS: 6.8 23 Jun 2018, 21:29 UTC

Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.

CVE-2018-12692 tp-link vulnerability CVSS: 6.5 23 Jun 2018, 21:29 UTC

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.

CVE-2018-11714 tp-link vulnerability CVSS: 10.0 04 Jun 2018, 14:29 UTC

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.

CVE-2018-10168 tp-link vulnerability CVSS: 6.5 03 May 2018, 18:29 UTC

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

CVE-2018-10167 tp-link vulnerability CVSS: 6.0 03 May 2018, 18:29 UTC

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.

CVE-2018-10166 tp-link vulnerability CVSS: 6.8 03 May 2018, 18:29 UTC

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows.

CVE-2018-10165 tp-link vulnerability CVSS: 3.5 03 May 2018, 18:29 UTC

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

CVE-2018-10164 tp-link vulnerability CVSS: 3.5 03 May 2018, 18:29 UTC

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.

CVE-2017-15637 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.

CVE-2017-15636 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.

CVE-2017-15635 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.

CVE-2017-15634 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

CVE-2017-15633 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.

CVE-2017-15632 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.

CVE-2017-15631 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.

CVE-2017-15630 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.

CVE-2017-15629 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.

CVE-2017-15628 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.

CVE-2017-15627 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.

CVE-2017-15626 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.

CVE-2017-15625 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.

CVE-2017-15624 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.

CVE-2017-15623 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.

CVE-2017-15622 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.

CVE-2017-15621 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.

CVE-2017-15620 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.

CVE-2017-15619 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.

CVE-2017-15618 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.

CVE-2017-15617 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.

CVE-2017-15616 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.

CVE-2017-15615 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.

CVE-2017-15614 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.

CVE-2017-15613 tp-link vulnerability CVSS: 9.0 11 Jan 2018, 16:29 UTC

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.

CVE-2017-17747 tp-link vulnerability CVSS: 2.7 20 Dec 2017, 20:29 UTC

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.

CVE-2017-17746 tp-link vulnerability CVSS: 7.7 20 Dec 2017, 20:29 UTC

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.

CVE-2017-17745 tp-link vulnerability CVSS: 3.5 20 Dec 2017, 20:29 UTC

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.

CVE-2017-17758 tp-link vulnerability CVSS: 9.0 19 Dec 2017, 07:29 UTC

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.

CVE-2017-17757 tp-link vulnerability CVSS: 9.0 19 Dec 2017, 07:29 UTC

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

CVE-2017-16960 tp-link vulnerability CVSS: 9.0 27 Nov 2017, 10:29 UTC

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

CVE-2017-16959 tp-link vulnerability CVSS: 4.0 27 Nov 2017, 10:29 UTC

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.

CVE-2017-16958 tp-link vulnerability CVSS: 9.0 27 Nov 2017, 10:29 UTC

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.

CVE-2017-16957 tp-link vulnerability CVSS: 9.0 27 Nov 2017, 10:29 UTC

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.

CVE-2017-13772 tp-link vulnerability CVSS: 9.0 23 Oct 2017, 18:29 UTC

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.

CVE-2017-15291 tp-link vulnerability CVSS: 4.3 20 Oct 2017, 17:29 UTC

Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.

CVE-2017-11519 tp-link vulnerability CVSS: 5.0 21 Jul 2017, 21:29 UTC

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.

CVE-2017-10796 tp-link vulnerability CVSS: 3.3 02 Jul 2017, 22:29 UTC

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.

CVE-2017-9466 tp-link vulnerability CVSS: 7.5 26 Jun 2017, 07:29 UTC

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.

CVE-2017-8078 tp-link vulnerability CVSS: 5.0 23 Apr 2017, 16:59 UTC

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8077 tp-link vulnerability CVSS: 5.0 23 Apr 2017, 16:59 UTC

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8076 tp-link vulnerability CVSS: 7.8 23 Apr 2017, 16:59 UTC

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8075 tp-link vulnerability CVSS: 5.0 23 Apr 2017, 16:59 UTC

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2017-8074 tp-link vulnerability CVSS: 5.0 23 Apr 2017, 16:59 UTC

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVE-2016-1000009 tp-link vulnerability CVSS: 5.0 06 Oct 2016, 14:59 UTC

TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.

CVE-2015-3035 tp-link vulnerability CVSS: 7.8 22 Apr 2015, 01:59 UTC

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

CVE-2014-9510 tp-link vulnerability CVSS: 6.8 09 Jan 2015, 18:59 UTC

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.

CVE-2014-9350 tp-link vulnerability CVSS: 5.0 08 Dec 2014, 16:59 UTC

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.

CVE-2013-2645 tp-link vulnerability CVSS: 9.3 06 Oct 2014, 01:55 UTC

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.

CVE-2014-4728 tp-link vulnerability CVSS: 5.0 30 Sep 2014, 16:55 UTC

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request.

CVE-2014-4727 tp-link vulnerability CVSS: 4.3 30 Sep 2014, 16:55 UTC

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request.

CVE-2012-6316 tp-link vulnerability CVSS: 4.3 30 Sep 2014, 14:55 UTC

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.

CVE-2013-6786 tp-link vulnerability CVSS: 4.3 16 Jan 2014, 19:55 UTC

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.

CVE-2013-2581 tp-link vulnerability CVSS: 7.8 11 Oct 2013, 21:55 UTC

cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.

CVE-2013-2580 tp-link vulnerability CVSS: 7.1 11 Oct 2013, 21:55 UTC

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory.

CVE-2013-2579 tp-link vulnerability CVSS: 10.0 11 Oct 2013, 21:55 UTC

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.

CVE-2013-2578 tp-link vulnerability CVSS: 10.0 11 Oct 2013, 21:55 UTC

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.

CVE-2013-3688 tp-link vulnerability CVSS: 7.1 01 Oct 2013, 19:55 UTC

The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault.

CVE-2012-6276 tp-link vulnerability CVSS: 4.3 26 Jan 2013, 21:55 UTC

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.

CVE-2012-5687 tp-link vulnerability CVSS: 7.8 01 Nov 2012, 10:44 UTC

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.

CVE-2012-2440 tp-link vulnerability CVSS: 7.5 28 Apr 2012, 00:55 UTC

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.