Filtered by vendor Tp-link
Subscribe
Search
Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-01-05 | N/A | 6.5 MEDIUM |
| Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | |||||
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2023-08-25 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | |||||
| CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2023-08-25 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | |||||
| CVE-2023-38909 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2023-08-25 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. | |||||
| CVE-2022-41783 | 1 Tp-link | 2 Re3000, Re3000 Firmware | 2023-08-08 | N/A | 5.5 MEDIUM |
| tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. | |||||
| CVE-2022-41505 | 1 Tp-link | 2 Tapo C200 V1, Tapo C200 V1 Firmware | 2023-08-08 | N/A | 6.4 MEDIUM |
| An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value. | |||||
| CVE-2022-29402 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-06-07 | 7.2 HIGH | 6.8 MEDIUM |
| TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | |||||
| CVE-2021-44864 | 1 Tp-link | 2 Wn886n, Wn886n Firmware | 2022-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. | |||||
| CVE-2021-29280 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-08-26 | 4.3 MEDIUM | 6.4 MEDIUM |
| In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | |||||
| CVE-2021-38543 | 1 Tp-link | 2 Ue330, Ue330 Firmware | 2021-08-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers. | |||||
| CVE-2020-14965 | 1 Tp-link | 4 Tl-wr740n, Tl-wr740n Firmware, Tl-wr740nd and 1 more | 2021-07-21 | 3.5 LOW | 4.8 MEDIUM |
| On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator. | |||||
| CVE-2020-15057 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2021-07-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | |||||
| CVE-2020-11445 | 1 Tp-link | 30 Kc200, Kc200 Firmware, Kc300s2 and 27 more | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | |||||
| CVE-2021-28858 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2021-06-23 | 2.1 LOW | 5.5 MEDIUM |
| TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | |||||
| CVE-2020-17891 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2021-05-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code. | |||||
| CVE-2017-10796 | 1 Tp-link | 2 Nc250, Nc250 Firmware | 2021-05-07 | 3.3 LOW | 6.5 MEDIUM |
| On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | |||||
| CVE-2021-3275 | 1 Tp-link | 10 Archer-c3150, Archer-c3150 Firmware, Td-w9977 and 7 more | 2021-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. | |||||
| CVE-2021-27210 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2021-02-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | |||||
| CVE-2020-5797 | 1 Tp-link | 2 Archer C9, Archer C9 Firmware | 2020-12-03 | 3.6 LOW | 6.1 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | |||||
| CVE-2020-28005 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2020-12-01 | 3.5 LOW | 6.5 MEDIUM |
| httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | |||||
| CVE-2020-5795 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2020-11-19 | 7.2 HIGH | 6.2 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | |||||
| CVE-2018-17009 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. | |||||
| CVE-2017-8217 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | |||||
| CVE-2018-12693 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2020-08-24 | 6.8 MEDIUM | 6.5 MEDIUM |
| Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | |||||
| CVE-2018-17017 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable. | |||||
| CVE-2018-17018 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. | |||||
| CVE-2018-17012 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit. | |||||
| CVE-2018-17013 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate. | |||||
| CVE-2018-17014 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name. | |||||
| CVE-2018-17015 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. | |||||
| CVE-2018-17016 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name. | |||||
| CVE-2018-17004 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name. | |||||
| CVE-2018-17005 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable. | |||||
| CVE-2018-17006 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. | |||||
| CVE-2018-17007 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid. | |||||
| CVE-2018-17008 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. | |||||
| CVE-2018-17010 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth. | |||||
| CVE-2018-17011 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. | |||||
| CVE-2018-18489 | 1 Tp-link | 2 Wr840n, Wr840n Firmware | 2020-08-24 | 6.8 MEDIUM | 4.9 MEDIUM |
| The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472. | |||||
| CVE-2019-19143 | 1 Tp-link | 2 Tl-wr849n, Tl-wr849n Firmware | 2020-08-24 | 4.1 MEDIUM | 6.1 MEDIUM |
| TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI. | |||||
| CVE-2020-15056 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2020-08-09 | 2.3 LOW | 4.3 MEDIUM |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | |||||
| CVE-2020-12475 | 1 Tp-link | 1 Omada Controller | 2020-05-08 | 2.1 LOW | 5.5 MEDIUM |
| TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | |||||
| CVE-2017-17747 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2019-10-03 | 2.7 LOW | 6.5 MEDIUM |
| Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. | |||||
| CVE-2017-17746 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2019-10-03 | 7.7 HIGH | 6.8 MEDIUM |
| Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. | |||||
| CVE-2018-12576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | |||||
| CVE-2019-12195 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2019-05-29 | 3.5 LOW | 4.8 MEDIUM |
| TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. | |||||
| CVE-2016-10719 | 1 Tp-link | 2 Archer Cr700, Archer Cr700 Firmware | 2019-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password. | |||||
| CVE-2018-13134 | 1 Tp-link | 2 Archer C1200, Archer C1200 Firmware | 2019-03-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | |||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2019-01-11 | 3.5 LOW | 5.4 MEDIUM |
| TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | |||||
| CVE-2018-15700 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2018-11-27 | 6.1 MEDIUM | 6.5 MEDIUM |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. | |||||