Filtered by vendor Tp-link
Total: 231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2024-01-12 | N/A | 7.5 HIGH |
| TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | |||||
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-01-05 | N/A | 6.5 MEDIUM |
| Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | |||||
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2023-08-25 | N/A | 6.5 MEDIUM |
| An issue in TP-Link Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | |||||
| CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2023-08-25 | N/A | 6.5 MEDIUM |
| An issue in TP-Link Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | |||||
| CVE-2023-38909 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2023-08-25 | N/A | 6.5 MEDIUM |
| An issue in TP-Link Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. | |||||
| CVE-2023-39747 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2023-08-25 | N/A | 9.8 CRITICAL |
| TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. | |||||
| CVE-2023-39748 | 1 Tp-link | 2 Tl-wr1041n V2, Tl-wr1041n V2 Firmware | 2023-08-25 | N/A | 7.5 HIGH |
| An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-39745 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2023-08-25 | N/A | 7.5 HIGH |
| TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-39751 | 1 Tp-link | 2 Tl-wr941nd V6, Tl-wr941nd V6 Firmware | 2023-08-24 | N/A | 9.8 CRITICAL |
| TP-Link TL-WR941ND V6 was discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. | |||||
| CVE-2023-1389 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2023-08-11 | N/A | 8.8 HIGH |
| TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | |||||
| CVE-2022-41783 | 1 Tp-link | 2 Re3000, Re3000 Firmware | 2023-08-08 | N/A | 5.5 MEDIUM |
| tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. | |||||
| CVE-2021-40288 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter. | |||||
| CVE-2022-22922 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | |||||
| CVE-2022-25064 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | |||||
| CVE-2022-41505 | 1 Tp-link | 2 Tapo C200 V1, Tapo C200 V1 Firmware | 2023-08-08 | N/A | 6.4 MEDIUM |
| An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value. | |||||
| CVE-2022-37860 | 1 Tp-link | 2 M7350, M7350 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | |||||
| CVE-2022-25060 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | |||||
| CVE-2022-25061 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | |||||
| CVE-2023-31710 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2023-08-04 | N/A | 9.8 CRITICAL |
| TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. | |||||
| CVE-2023-30383 | 1 Tp-link | 6 Archer C20, Archer C20 Firmware, Archer C2 V1 and 3 more | 2023-07-28 | N/A | 7.5 HIGH |
| TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. | |||||
| CVE-2022-30024 | 1 Tp-link | 6 Tl-wr841, Tl-wr841 Firmware, Tl-wr841n and 3 more | 2022-07-21 | N/A | 8.8 HIGH |
| A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325, TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. | |||||
| CVE-2022-32058 | 1 Tp-link | 4 Tl-wr741n, Tl-wr741n Firmware, Tl-wr742n and 1 more | 2022-07-18 | 7.8 HIGH | 7.5 HIGH |
| An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2021-44032 | 1 Tp-link | 1 Omada Software Controller | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. | |||||
| CVE-2022-33087 | 1 Tp-link | 4 Archer A5, Archer A5 Firmware, Archer C50 and 1 more | 2022-07-08 | 7.8 HIGH | 7.5 HIGH |
| A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2022-06-20 | 6.5 MEDIUM | 8.8 HIGH |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | |||||
| CVE-2022-29402 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-06-07 | 7.2 HIGH | 6.8 MEDIUM |
| TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | |||||
| CVE-2022-26640 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-06-05 | 6.5 MEDIUM | 7.2 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | |||||
| CVE-2022-26639 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-06-05 | 6.5 MEDIUM | 7.2 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | |||||
| CVE-2022-26987 | 3 Fastcom, Mercusys, Tp-link | 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution. | |||||
| CVE-2022-26988 | 3 Fastcom, Mercusys, Tp-link | 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution. | |||||
| CVE-2021-46122 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-04-26 | 9.0 HIGH | 7.2 HIGH |
| Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. | |||||
| CVE-2022-24355 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2022-02-28 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910. | |||||
| CVE-2022-24354 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2022-02-28 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835. | |||||
| CVE-2022-0162 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through the web-based management interface. | |||||
| CVE-2021-44864 | 1 Tp-link | 2 Wn886n, Wn886n Firmware | 2022-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. | |||||
| CVE-2021-35004 | 1 Tp-link | 2 Tl-wa1201, Tl-wa1201 Firmware | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656. | |||||
| CVE-2021-35003 | 1 Tp-link | 2 Archer C90, Archer C90 Firmware | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655. | |||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2022-01-04 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | |||||
| CVE-2020-9374 | 1 Tp-link | 2 Tl-wr849n, Tl-wr849n Firmware | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. | |||||
| CVE-2021-41451 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2021-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading to a cache poisoning attack. | |||||
| CVE-2021-41450 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2021-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | |||||
| CVE-2021-41653 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
| CVE-2020-10887 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2021-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. | |||||
| CVE-2020-35575 | 1 Tp-link | 54 Archer C5, Archer C5 Firmware, Archer C7 and 51 more | 2021-09-07 | 7.5 HIGH | 9.8 CRITICAL |
| A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. | |||||
| CVE-2021-29280 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-08-26 | 4.3 MEDIUM | 6.4 MEDIUM |
| In TP-Link Wireless N Router WR840N, an ARP poisoning attack can cause a buffer overflow. | |||||
| CVE-2021-38543 | 1 Tp-link | 2 Ue330, Ue330 Firmware | 2021-08-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers. | |||||
| CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2021-07-21 | 3.3 LOW | 8.8 HIGH |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | |||||
| CVE-2020-35576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. | |||||
| CVE-2020-28347 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. | |||||
| CVE-2020-11445 | 1 Tp-link | 30 Kc200, Kc200 Firmware, Kc300s2 and 27 more | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | |||||
