Skip to main content

TP-Link

440 CVEs vendor

Monthly

CVE-2026-13230 MEDIUM PATCH This Month

Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed.

TP-Link Information Disclosure Kasa Ec71 V4 Kasa Ec70 V4
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2026-5040 HIGH PATCH This Week

Credential disclosure in TP-Link Deco M5 v1 mesh routers stems from a weak (computationally cheap) password-hashing scheme used to store local user credentials, letting an attacker who has already obtained the stored hash recover the plaintext password via offline brute-force or dictionary attacks. Affected devices are the Deco M5 v1 hardware revision, and successful cracking yields access to device management functions scoped to the recovered account's privileges. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 vector (AV:L/AC:H/PR:H) reflects that it is a post-compromise credential-recovery weakness rather than a remote entry point.

TP-Link Authentication Bypass Deco M5 Deco M5 V1
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2026-9105 MEDIUM PATCH This Month

Stack-based buffer overflow in the TP-Link TL-WR841N v14 web management interface allows an authenticated attacker on the same local network segment to crash the embedded web server via crafted HTTP requests, forcing the device to automatically reboot. The impact is limited exclusively to availability - no confidentiality or integrity exposure has been identified. No public exploit code or CISA KEV listing exists at time of analysis; the constrained attack prerequisites (adjacent network, administrative credentials) significantly bound real-world risk.

TP-Link Buffer Overflow Stack Overflow Tl Wr841M V14
NVD VulDB
CVSS 4.0
6.8
EPSS
0.3%
CVE-2026-11834 HIGH PATCH This Week

Command injection in TP-Link Archer and TL-MR series routers allows an adjacent unauthenticated attacker on the same broadcast domain to execute arbitrary commands with elevated privileges by supplying crafted DHCP option responses. The flaw resides in DHCP client option processing during device initialization and is most reliably triggered when the router is in factory-default or unconfigured state. No public exploit identified at time of analysis, but the vendor (TP-Link) has confirmed the issue and released firmware patches.

Command Injection TP-Link Archer Mr200 V07 Archer Mr200 V8 Archer Mr402 V1 +4
NVD VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-9151 HIGH PATCH This Week

OS command injection in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers allows an authenticated attacker on an adjacent network to execute arbitrary commands by uploading a malicious VPN client configuration file. The flaw stems from improper sanitization of special characters during configuration import (CWE-78) and carries a CVSS 4.0 base score of 8.5. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but TP-Link has released firmware fixes for all affected models.

Command Injection TP-Link
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2026-8714 HIGH PATCH This Week

Denial of service in the RTSP server of TP-Link Tapo C520WS v2 IP cameras allows adjacent network attackers to render the camera's video streaming service non-responsive by sending syntactically invalid RTSP input. The flaw is reachable without authentication or user interaction from the local network segment (CVSS 4.0 vector AV:A/PR:N/UI:N) and no public exploit identified at time of analysis. While confidentiality and integrity are unaffected, availability of the surveillance stream is fully impacted, which is operationally significant for a security camera.

Information Disclosure TP-Link Tapo C520Ws V2
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-1871 HIGH PATCH This Week

Denial of service in TP-Link Tapo C200 v5 IP cameras allows adjacent network attackers to crash the RTSP service and force a device reboot by sending a crafted Authorization header in an RTSP authentication request. The flaw is a stack-based buffer overflow (CWE-121) in the RTSP authentication handler; no public exploit identified at time of analysis, but vendor-acknowledged and patched firmware is available from TP-Link.

Buffer Overflow TP-Link Denial Of Service Stack Overflow
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34127 MEDIUM PATCH This Month

Stored XSS in the TP-Link TL-SG108PE v5 web management interface allows an authenticated administrator on an adjacent network to inject persistent malicious script via the SYSNAM configuration parameter during a config file import operation. The injected payload is stored on the device and executes in any administrator's browser upon viewing the affected management page, enabling session cookie theft, unauthorized configuration changes, or exposure of sensitive management-plane data. No public exploit code has been identified at time of analysis, and CISA SSVC assessment rates exploitation as none and not automatable, consistent with the high privilege and adjacency prerequisites.

XSS TP-Link
NVD VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-34126 HIGH PATCH This Week

Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept and manipulate initial setup data, enabling potential unauthorized device control during onboarding. The flaw stems from missing encryption on the Bluetooth pairing channel used only during initialization, and TP-Link has released patched firmware versions for all affected models. No public exploit identified at time of analysis, but the low complexity and absence of authentication make this a meaningful risk for users provisioning devices in dense urban or office environments.

TP-Link Authentication Bypass
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-3294 HIGH PATCH This Week

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.

TP-Link Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2018-25321 MEDIUM POC This Month

TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link
NVD Exploit-DB VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-5039 MEDIUM PATCH This Month

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

Authentication Bypass TP-Link
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2026-5363 MEDIUM Monitor

TP-Link Archer C7 v5 and v5.8 routers use weak RSA-1024 encryption for admin password transmission during web login, allowing adjacent attackers with network traffic interception capability to perform cryptanalytic attacks (brute-force or key factorization) to recover plaintext credentials and gain unauthorized administrative access. EPSS score of P (Probable) and active POC availability indicate realistic exploitation risk in local network environments; however, exploitation requires both network adjacency and successful cryptanalysis of a 1024-bit RSA key, limiting attack scope to motivated adversaries on shared networks (e.g., compromised WiFi).

Authentication Bypass TP-Link
NVD VulDB
CVSS 4.0
5.4
EPSS
0.0%
CVE-2026-30818 HIGH PATCH This Week

OS command injection in TP-Link Archer AX53 v1.0 dnsmasq module allows authenticated adjacent attackers to execute arbitrary code through maliciously crafted configuration files. Successful exploitation enables device configuration modification, sensitive data access, and complete system compromise. Affects TP-Link Archer AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213. Requires high-privilege adjacent network access (CVSS:4.0 AV:A/PR:H). No public exploit identified at time of analysis.

TP-Link RCE Command Injection
NVD
CVSS 4.0
8.5
EPSS
0.4%
CVE-2026-30817 MEDIUM PATCH This Month

External configuration control in TP-Link AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to read arbitrary files by processing malicious configuration files, exposing sensitive device information. The vulnerability affects AX53 v1.0 prior to firmware build 1.7.1 Build 20260213 and requires high-level authentication and network adjacency to exploit. A vendor-released patch is available.

TP-Link Authentication Bypass
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-30816 MEDIUM PATCH This Month

External control of configuration in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers with high privileges to read arbitrary files via malicious configuration file processing, exposing sensitive device information. CVSS 6.8 reflects high confidentiality impact; no public exploit code or active exploitation confirmed. Patch available: firmware version 1.7.1 Build 20260213 or later.

TP-Link Authentication Bypass
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-30815 HIGH PATCH This Week

OS command injection in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to execute arbitrary system commands through maliciously crafted configuration files. Exploitation requires high-privilege adjacency access but enables complete device compromise including configuration modification, credential disclosure, and persistent backdoor installation. Affects AX53 v1.0 firmware prior to 1.7.1 Build 20260213. No public exploit identified at time of analysis.

TP-Link Command Injection
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2026-30814 HIGH PATCH This Week

Stack-based buffer overflow in TP-Link Archer AX53 v1.0 tmpServer module enables authenticated adjacent attackers to execute arbitrary code via malicious configuration file. Exploitation triggers segmentation fault, permits device state modification, sensitive data exposure, and integrity compromise. Affects firmware versions before 1.7.1 Build 20260213. Requires high privileges and adjacent network access. No public exploit identified at time of analysis.

Information Disclosure Stack Overflow RCE Buffer Overflow TP-Link
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-34124 HIGH PATCH This Week

Denial-of-service vulnerability in TP-Link Tapo C520WS v2.6 camera allows adjacent network attackers to trigger buffer overflow through crafted HTTP requests with excessively long paths that bypass initial length validation during path normalization, resulting in memory corruption and device reboot without requiring authentication. Vendor has released a patch; no public exploit code identified at time of analysis.

TP-Link Buffer Overflow
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34122 HIGH PATCH This Week

Stack-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers to trigger denial-of-service by sending oversized configuration parameters to a vulnerable configuration handling component. Successful exploitation causes device crash or reboot, impacting camera availability. Vendor has released a patch.

TP-Link Buffer Overflow Stack Overflow
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34121 HIGH PATCH This Week

TP-Link Tapo C520WS v2.6 contains an authentication bypass in its HTTP-based DS configuration service that allows unauthenticated attackers to execute privileged device configuration actions by appending authentication-exempt parameters to requests. The vulnerability stems from inconsistent JSON request parsing and authorization logic, enabling unauthorized modification of device state without requiring valid credentials. No public exploit code has been identified at time of analysis, and a vendor-released patch is available.

TP-Link Authentication Bypass
NVD VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-34120 HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows local network attackers to cause denial of service by sending crafted payloads during asynchronous video stream processing, triggering memory corruption and process crashes. The vulnerability stems from insufficient buffer boundary validation in streaming input handling. A vendor patch is available.

TP-Link Heap Overflow Buffer Overflow
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34119 HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows unauthenticated network attackers to trigger denial-of-service by sending crafted HTTP payloads that bypass boundary validation during segmented request body parsing. The vulnerability exploits insufficient write-boundary verification in the HTTP parsing loop, causing heap memory corruption that crashes or hangs the device process. Patch is available from the vendor.

TP-Link Heap Overflow Buffer Overflow
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-34118 HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers on the same network segment to trigger denial-of-service by sending crafted HTTP POST payloads that exceed allocated buffer boundaries. The vulnerability stems from missing validation in HTTP body parsing logic, causing process crashes or unresponsiveness. No CVSS score or vector data is available, limiting precise severity quantification, but the practical attack vector is network-adjacent and does not require authentication.

TP-Link Heap Overflow Buffer Overflow
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-15606 HIGH PATCH This Week

A Denial-of-Service vulnerability exists in the httpd component of TP-Link TD-W8961N v4.0 routers, caused by improper input sanitization (CWE-20) that allows attackers to craft malicious requests triggering httpd service crashes. The vulnerability enables service interruption and network unavailability for affected users. Although no CVSS score or EPSS metric is publicly available, a vendor patch is already available, indicating acknowledgment of the issue's severity and exploitability.

TP-Link Denial Of Service
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-15605 HIGH PATCH NEWS This Week

A hardcoded cryptographic key in the configuration mechanism of TP-Link Archer NX series routers (NX200, NX210, NX500, NX600) allows authenticated attackers to decrypt, modify, and re-encrypt device configuration files, compromising both confidentiality and integrity of router settings. This vulnerability affects multiple hardware versions across all four product lines, with patches now available from the vendor. While no public exploit code or active KEV status has been reported, the authenticated attack requirement and widespread deployment of these consumer routers present moderate real-world risk.

TP-Link Information Disclosure
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-15519 HIGH PATCH NEWS This Week

A command injection vulnerability exists in the modem-management administrative CLI of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) due to improper input handling in CLI commands. An authenticated attacker with administrative privileges can inject crafted input into vulnerable CLI parameters to execute arbitrary operating system commands, compromising the confidentiality, integrity, and availability of the device. A patch is available from TP-Link, and no public exploit or active exploitation has been confirmed at this time.

TP-Link Command Injection
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-15518 HIGH PATCH NEWS This Week

A command injection vulnerability exists in the wireless-control administrative CLI command of TP-Link Archer NX series routers (models NX200, NX210, NX500, and NX600) due to improper input handling that allows crafted input to be executed as part of operating system commands. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary commands on the device, compromising confidentiality, integrity, and availability. Patches are available from the vendor for all affected models and versions.

TP-Link Command Injection
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-15517 HIGH PATCH NEWS This Week

A missing authentication check in the HTTP server of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) allows unauthenticated attackers to access privileged CGI endpoints intended for authenticated administrators. An attacker can perform critical operations including firmware upload and configuration changes without providing valid credentials, effectively gaining administrative control over the device. A vendor patch is available, and this vulnerability represents a direct authentication bypass with severe real-world exploitation potential.

TP-Link Authentication Bypass
NVD VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-30704 Monitor

The WiFi Extender WDR201A (hardware version 2.1, firmware LFMZX28040922V1.02) contains an unprotected UART interface exposed through accessible PCB pads, allowing information disclosure through direct hardware access. An attacker with physical access to the device can connect to the UART pins to read sensitive data, firmware contents, or configuration information without authentication. No CVSS score, EPSS metric, or KEV status is currently available, but a proof-of-concept and detailed security research have been published, confirming the vulnerability's practical exploitability.

TP-Link IoT Information Disclosure
NVD VulDB
EPSS
0.0%
CVE-2026-3227 HIGH PATCH This Week

Authenticated attackers can achieve root-level command execution on TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 routers by uploading a malicious configuration file through the import function, exploiting improper input validation in the port-trigger processing logic. Successful exploitation grants complete control over the affected device, allowing full compromise of the router and any connected network. A patch is available for this high-severity vulnerability.

TP-Link Command Injection Tl Wr802n V4 Tl Wr841n V14 Tl Wr840n V6
NVD VulDB
CVSS 4.0
8.5
EPSS
0.4%
CVE-2026-3841 HIGH This Week

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations.

Command Injection TP-Link
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2026-0655 HIGH This Week

TP-Link Deco BE25 firmware versions 1.0 through 1.1.1 (Build 20250822) contain a path traversal vulnerability that allows authenticated adjacent network attackers to read arbitrary files or trigger denial of service without user interaction. The vulnerability affects the web module component and requires local network access with valid credentials to exploit. No patch is currently available for this high-severity flaw (CVSS 8.0).

TP-Link Denial Of Service Path Traversal Deco Be25 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-0654 HIGH This Week

Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.

TP-Link Command Injection Deco Be25 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-1571 MEDIUM This Month

Reflected cross-site scripting in TP-Link Archer C60 v3 firmware permits arbitrary JavaScript execution through malicious URLs, enabling attackers to steal credentials or hijack sessions when targeted at privileged users. The vulnerability requires user interaction to trigger but has network-accessible attack vectors with no authentication needed. No patch is currently available.

TP-Link Archer C60 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-0653 MEDIUM This Month

Guest users on TP-Link Tapo C260 v1 cameras can modify protected device settings by exploiting inadequate access controls on synchronization endpoints. Authenticated attackers with limited privileges can bypass restrictions to change sensitive configuration parameters without authorization. No patch is currently available for this vulnerability.

TP-Link Authentication Bypass RCE Tapo C260 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0652 HIGH This Week

Authenticated attackers can execute arbitrary commands on TP-Link Tapo C260 v1 cameras through command injection in POST parameters during configuration synchronization, potentially achieving complete device compromise. The vulnerability stems from insufficient input validation and affects confidentiality, integrity, and availability with no patch currently available.

TP-Link Command Injection Tapo C260 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0651 MEDIUM This Month

TP-Link Tapo C260 v1 firmware contains a path traversal vulnerability in HTTPS GET request handling that allows local network attackers to probe filesystem paths and determine file existence without authentication. While the vulnerability does not permit file read, write, or code execution, it enables information disclosure about the device's filesystem structure to unauthenticated local users. No patch is currently available.

TP-Link Path Traversal RCE
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-15557 HIGH This Week

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. [CVSS 8.8 HIGH]

TP-Link Tapo P100 Firmware Tapo H100 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15551 MEDIUM This Month

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. [CVSS 5.6 MEDIUM]

TP-Link Information Disclosure Code Injection
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-62673 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-62501 HIGH This Week

Archer Ax53 Firmware versions up to 1.0 contains a vulnerability that allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) a (CVSS 8.1).

TP-Link Authentication Bypass Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-62405 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-62404 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-61983 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-61944 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-59487 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-59482 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-58455 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-58077 HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow RCE Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-22228 MEDIUM This Month

TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an authenticated high-privilege user restores a specially crafted configuration file with excessively long parameters. The malicious configuration causes the device to become unresponsive and requires a manual reboot to restore functionality. No patch is currently available for this vulnerability.

TP-Link Archer Be230 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-22220 MEDIUM This Month

TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request processing, allowing a network-adjacent attacker with high privileges to crash the web service. An attacker exploiting this vulnerability can render the device's web interface temporarily unavailable until manual recovery or reboot occurs. No patch is currently available.

TP-Link Denial Of Service Archer Be230 Firmware
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2026-22229 HIGH PATCH This Week

Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitrary OS commands by importing a malicious VPN configuration file. An attacker with admin access can achieve full device compromise, affecting network configuration, security posture, and service availability. Affected versions require patching to build 20251218 rel.70420 (BE230) or 20250822 (BE25).

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-22227 HIGH PATCH This Week

TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration function that allows authenticated administrators to execute arbitrary OS commands with full device privileges. An attacker with admin credentials can exploit this to completely compromise the router, affecting network configuration, security posture, and service availability. The vulnerability affects versions before 1.2.4 Build 20251218 rel.70420 and patches are available.

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-22226 HIGH PATCH This Week

Authenticated command injection in the TP-Link Archer BE230 v1.2 router (firmware prior to 1.2.4 Build 20251218 rel.70420) allows an administrator on the adjacent network to execute arbitrary OS commands via the VPN server configuration module. No public exploit identified at time of analysis, and EPSS of 0.99% (77th percentile) suggests modest near-term exploitation likelihood, though successful exploitation yields full device takeover. This CVE is one of several distinct command injection flaws disclosed across separate code paths in the same firmware.

TP-Link Command Injection
NVD VulDB
CVSS 4.0
8.5
EPSS
1.0%
CVE-2026-22224 HIGH PATCH This Week

TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface that allows authenticated administrators to execute arbitrary commands with full device privileges. An attacker who compromises an admin account can gain complete control over the router, compromising its configuration, network security, and availability. A patch is available for versions prior to 1.2.4 Build 20251218 rel.70420.

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2026-22223 HIGH PATCH This Week

Arbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated adjacent attackers to inject OS commands and gain full administrative control of the device. Successful exploitation compromises device configuration, network security, and service availability. A patch is available.

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-22222 HIGH PATCH This Week

Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent network attackers to achieve full device compromise through OS command injection in multiple code paths. Successful exploitation grants administrative control, enabling attackers to modify device configuration, compromise network security, and disrupt service availability. A patch is available for affected versions.

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-22221 HIGH PATCH This Week

Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, gaining full administrative control and compromising device configuration and network security. This command injection vulnerability exists across multiple distinct code paths within the VPN module functionality. A firmware patch is available to remediate this issue.

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-0631 HIGH PATCH This Week

Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware versions before 1.2.4 Build 20251218, achieving full device compromise including administrative control. This command injection vulnerability in the VPN modules allows attackers to manipulate device configuration, disrupt network security, and disable services with high severity impact. A patch is available for affected users.

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-0630 HIGH PATCH This Week

Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, achieving full administrative control. This command injection vulnerability compromises device configuration, network security, and service availability. A patch is available.

TP-Link Command Injection Archer Be230 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-1457 HIGH This Week

Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.

TP-Link RCE Buffer Overflow Memory Corruption Vigi C385 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14756 HIGH This Week

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise. [CVSS 8.8 HIGH]

TP-Link Command Injection Archer Mr600 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-0834 HIGH This Week

Unauthenticated adjacent network attackers can exploit a logic vulnerability in the TDDP module of TP-Link Archer C20 v6.0 and Archer AX53 v1.0 to execute administrative commands such as factory reset and device reboot without credentials. This allows attackers to cause loss of device configuration and service disruption on vulnerable routers. No patch is currently available for this high-severity vulnerability affecting both router models.

TP-Link Authentication Bypass
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-9014 HIGH PATCH This Week

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. [CVSS 7.5 HIGH]

TP-Link Null Pointer Dereference Denial Of Service Tl Wr841n Firmware
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-15035 HIGH This Week

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107. [CVSS 7.3 HIGH]

TP-Link Archer Axe75 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-14631 MEDIUM This Month

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914. [CVSS 6.5 MEDIUM]

TP-Link Null Pointer Dereference Archer Be400 Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14300 HIGH This Week

Missing authentication on the HTTPS connectAP interface in TP-Link Tapo C200 V3 firmware (versions 1.3.3 through 1.4.1) allows adjacent network attackers to remotely reconfigure device Wi-Fi settings, causing permanent denial-of-service until manual intervention. The vulnerability exploits CWE-306 (Missing Authentication for Critical Function) with CVSS 8.7 severity, requiring only adjacent network access with low attack complexity and no user interaction. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the technical barrier is minimal for LAN-positioned adversaries.

TP-Link IoT Authentication Bypass Denial Of Service Tapo C200 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-14739 MEDIUM This Month

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316, ≤ WR941ND v6 3.16.9 Build 151203.

Memory Corruption TP-Link RCE
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-11676 HIGH This Month

Improper input validation vulnerability in TP-Link System Inc. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2023-28760 HIGH This Week

TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in minidlna-1.1.2/upnpsoap.c. Exploitation requires that a USB flash drive is connected to the router (customers often do this to make a \\192.168.0.1 share available on their local network).

Buffer Overflow TP-Link RCE Stack Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2025-29089 HIGH This Month

An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9377 HIGH KEV THREAT Act Now

TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental Control page, affecting end-of-life devices with no patch available.

RCE TP-Link
NVD
CVSS 4.0
8.6
EPSS
15.6%
CVE-2025-8627 HIGH This Month

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak.1.0. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Kp303 Firmware
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-53711 HIGH This Week

A buffer overflow vulnerability exists in the web service of multiple TP-Link router models including TL-WR841N v11, TL-WR842ND v2, and TL-WR494N v3, caused by missing input validation in /userRpm/WlanNetworkRpm.htm. An unauthenticated remote attacker can exploit this to crash the web service and cause a denial-of-service condition. The vulnerability has a low exploitation likelihood with EPSS score of 0.06% and affects products that are no longer supported by TP-Link.

Buffer Overflow Denial Of Service TP-Link
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-6982 MEDIUM This Month

Hard-coded credentials embedded in TP-Link Archer C50 (V3 through V5) and C20 V5 firmware enable attackers with local network access and limited privileges to decrypt configuration files (config.xml), potentially exposing sensitive network settings, credentials, and device state. CVSS 6.9 reflects high confidentiality impact despite local-only attack vector. EPSS score of 0.03% (10th percentile) suggests low real-world exploitation probability, contradicting the publicly disclosed vulnerability mechanics.

TP-Link Authentication Bypass
NVD
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-7460 HIGH POC This Week

CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.

Buffer Overflow TP-Link RCE T6 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-6627 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link A702r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-6568 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-41427 HIGH This Week

A command injection vulnerability in Connection Diagnostics page (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Command Injection TP-Link RCE Authentication Bypass
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2025-6487 HIGH POC This Week

CVE-2025-6487 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, affecting the formRoute function's subnet parameter processing. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be treated as actively exploitable.

Buffer Overflow TP-Link Stack Overflow RCE A3002r Firmware +1
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6486 HIGH POC This Week

CVE-2025-6486 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, affecting the formWlanMultipleAP function. An authenticated remote attacker can exploit this via manipulation of the 'submit-url' parameter to achieve code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE A3002r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6402 HIGH POC This Week

CVE-2025-6402 is a critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the IPv6 setup HTTP POST handler. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code exists for this vulnerability, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6400 HIGH POC This Week

CVE-2025-6400 is a critical buffer overflow vulnerability in TOTOLINK N300RH router firmware version 6.1c.1390_B20191101, exploitable via HTTP POST requests to the /boafrm/formPortFw endpoint through manipulation of the service_type parameter. An authenticated attacker can remotely trigger this vulnerability to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk due to disclosed POC and remote exploitability from an authenticated state.

Buffer Overflow TP-Link RCE N300rh Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-6399 HIGH POC This Week

CVE-2025-6399 is a critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formIPv6Addr endpoint. An authenticated attacker can exploit the improper handling of the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability is likely to see active exploitation given its criticality and ease of exploitation.

Buffer Overflow TP-Link X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-6393 HIGH POC This Week

CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting models A702R, A3002R, A3002RU, and EX1200T across multiple firmware versions. An authenticated attacker can exploit this vulnerability by manipulating the 'submit-url' parameter in requests to /boafrm/formIPv6Addr to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The exploit has been publicly disclosed and may be actively exploited in the wild.

Buffer Overflow TP-Link RCE A3002r Firmware A702r Firmware +3
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2025-6337 HIGH POC This Week

CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.0-B20230809.1615 and 4.0.0-B20230531.1404. An authenticated attacker can exploit the 'submit-url' parameter in the /boafrm/formTmultiAP HTTP POST handler to achieve remote code execution with complete system compromise (confidentiality, integrity, and availability). Public exploit code exists and the vulnerability is exploitable over the network with low complexity.

Buffer Overflow TP-Link A3002ru Firmware A3002r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6336 HIGH POC This Week

CVE-2025-6336 is a critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter in the /boafrm/formTmultiAP endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability has been disclosed; exploitation requires valid credentials but no user interaction.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6302 HIGH POC This Week

CVE-2025-6302 is a critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713, specifically in the setStaticDhcpConfig function of /cgi-bin/cstecgi.cgi. An authenticated attacker can exploit this by sending a malicious Comment parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this actively exploitable.

Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-6165 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed.

TP-Link Information Disclosure Kasa Ec71 V4 +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Credential disclosure in TP-Link Deco M5 v1 mesh routers stems from a weak (computationally cheap) password-hashing scheme used to store local user credentials, letting an attacker who has already obtained the stored hash recover the plaintext password via offline brute-force or dictionary attacks. Affected devices are the Deco M5 v1 hardware revision, and successful cracking yields access to device management functions scoped to the recovered account's privileges. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 vector (AV:L/AC:H/PR:H) reflects that it is a post-compromise credential-recovery weakness rather than a remote entry point.

TP-Link Authentication Bypass Deco M5 Deco M5 V1
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Stack-based buffer overflow in the TP-Link TL-WR841N v14 web management interface allows an authenticated attacker on the same local network segment to crash the embedded web server via crafted HTTP requests, forcing the device to automatically reboot. The impact is limited exclusively to availability - no confidentiality or integrity exposure has been identified. No public exploit code or CISA KEV listing exists at time of analysis; the constrained attack prerequisites (adjacent network, administrative credentials) significantly bound real-world risk.

TP-Link Buffer Overflow Stack Overflow +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Command injection in TP-Link Archer and TL-MR series routers allows an adjacent unauthenticated attacker on the same broadcast domain to execute arbitrary commands with elevated privileges by supplying crafted DHCP option responses. The flaw resides in DHCP client option processing during device initialization and is most reliably triggered when the router is in factory-default or unconfigured state. No public exploit identified at time of analysis, but the vendor (TP-Link) has confirmed the issue and released firmware patches.

Command Injection TP-Link Archer Mr200 V07 +6
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

OS command injection in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers allows an authenticated attacker on an adjacent network to execute arbitrary commands by uploading a malicious VPN client configuration file. The flaw stems from improper sanitization of special characters during configuration import (CWE-78) and carries a CVSS 4.0 base score of 8.5. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV, but TP-Link has released firmware fixes for all affected models.

Command Injection TP-Link
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in the RTSP server of TP-Link Tapo C520WS v2 IP cameras allows adjacent network attackers to render the camera's video streaming service non-responsive by sending syntactically invalid RTSP input. The flaw is reachable without authentication or user interaction from the local network segment (CVSS 4.0 vector AV:A/PR:N/UI:N) and no public exploit identified at time of analysis. While confidentiality and integrity are unaffected, availability of the surveillance stream is fully impacted, which is operationally significant for a security camera.

Information Disclosure TP-Link Tapo C520Ws V2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in TP-Link Tapo C200 v5 IP cameras allows adjacent network attackers to crash the RTSP service and force a device reboot by sending a crafted Authorization header in an RTSP authentication request. The flaw is a stack-based buffer overflow (CWE-121) in the RTSP authentication handler; no public exploit identified at time of analysis, but vendor-acknowledged and patched firmware is available from TP-Link.

Buffer Overflow TP-Link Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stored XSS in the TP-Link TL-SG108PE v5 web management interface allows an authenticated administrator on an adjacent network to inject persistent malicious script via the SYSNAM configuration parameter during a config file import operation. The injected payload is stored on the device and executes in any administrator's browser upon viewing the affected management page, enabling session cookie theft, unauthorized configuration changes, or exposure of sensitive management-plane data. No public exploit code has been identified at time of analysis, and CISA SSVC assessment rates exploitation as none and not automatable, consistent with the high privilege and adjacency prerequisites.

XSS TP-Link
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept and manipulate initial setup data, enabling potential unauthorized device control during onboarding. The flaw stems from missing encryption on the Bluetooth pairing channel used only during initialization, and TP-Link has released patched firmware versions for all affected models. No public exploit identified at time of analysis, but the low complexity and absence of authentication make this a meaningful risk for users provisioning devices in dense urban or office environments.

TP-Link Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full administrative control of the affected device, potentially impacting on confidentiality, integrity, and availability.

TP-Link Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

Authentication Bypass TP-Link
NVD
EPSS 0% CVSS 5.4
MEDIUM Monitor

TP-Link Archer C7 v5 and v5.8 routers use weak RSA-1024 encryption for admin password transmission during web login, allowing adjacent attackers with network traffic interception capability to perform cryptanalytic attacks (brute-force or key factorization) to recover plaintext credentials and gain unauthorized administrative access. EPSS score of P (Probable) and active POC availability indicate realistic exploitation risk in local network environments; however, exploitation requires both network adjacency and successful cryptanalysis of a 1024-bit RSA key, limiting attack scope to motivated adversaries on shared networks (e.g., compromised WiFi).

Authentication Bypass TP-Link
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

OS command injection in TP-Link Archer AX53 v1.0 dnsmasq module allows authenticated adjacent attackers to execute arbitrary code through maliciously crafted configuration files. Successful exploitation enables device configuration modification, sensitive data access, and complete system compromise. Affects TP-Link Archer AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213. Requires high-privilege adjacent network access (CVSS:4.0 AV:A/PR:H). No public exploit identified at time of analysis.

TP-Link RCE Command Injection
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

External configuration control in TP-Link AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to read arbitrary files by processing malicious configuration files, exposing sensitive device information. The vulnerability affects AX53 v1.0 prior to firmware build 1.7.1 Build 20260213 and requires high-level authentication and network adjacency to exploit. A vendor-released patch is available.

TP-Link Authentication Bypass
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

External control of configuration in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers with high privileges to read arbitrary files via malicious configuration file processing, exposing sensitive device information. CVSS 6.8 reflects high confidentiality impact; no public exploit code or active exploitation confirmed. Patch available: firmware version 1.7.1 Build 20260213 or later.

TP-Link Authentication Bypass
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

OS command injection in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to execute arbitrary system commands through maliciously crafted configuration files. Exploitation requires high-privilege adjacency access but enables complete device compromise including configuration modification, credential disclosure, and persistent backdoor installation. Affects AX53 v1.0 firmware prior to 1.7.1 Build 20260213. No public exploit identified at time of analysis.

TP-Link Command Injection
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Stack-based buffer overflow in TP-Link Archer AX53 v1.0 tmpServer module enables authenticated adjacent attackers to execute arbitrary code via malicious configuration file. Exploitation triggers segmentation fault, permits device state modification, sensitive data exposure, and integrity compromise. Affects firmware versions before 1.7.1 Build 20260213. Requires high privileges and adjacent network access. No public exploit identified at time of analysis.

Information Disclosure Stack Overflow RCE +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial-of-service vulnerability in TP-Link Tapo C520WS v2.6 camera allows adjacent network attackers to trigger buffer overflow through crafted HTTP requests with excessively long paths that bypass initial length validation during path normalization, resulting in memory corruption and device reboot without requiring authentication. Vendor has released a patch; no public exploit code identified at time of analysis.

TP-Link Buffer Overflow
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stack-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers to trigger denial-of-service by sending oversized configuration parameters to a vulnerable configuration handling component. Successful exploitation causes device crash or reboot, impacting camera availability. Vendor has released a patch.

TP-Link Buffer Overflow Stack Overflow
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

TP-Link Tapo C520WS v2.6 contains an authentication bypass in its HTTP-based DS configuration service that allows unauthenticated attackers to execute privileged device configuration actions by appending authentication-exempt parameters to requests. The vulnerability stems from inconsistent JSON request parsing and authorization logic, enabling unauthorized modification of device state without requiring valid credentials. No public exploit code has been identified at time of analysis, and a vendor-released patch is available.

TP-Link Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows local network attackers to cause denial of service by sending crafted payloads during asynchronous video stream processing, triggering memory corruption and process crashes. The vulnerability stems from insufficient buffer boundary validation in streaming input handling. A vendor patch is available.

TP-Link Heap Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows unauthenticated network attackers to trigger denial-of-service by sending crafted HTTP payloads that bypass boundary validation during segmented request body parsing. The vulnerability exploits insufficient write-boundary verification in the HTTP parsing loop, causing heap memory corruption that crashes or hangs the device process. Patch is available from the vendor.

TP-Link Heap Overflow Buffer Overflow
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers on the same network segment to trigger denial-of-service by sending crafted HTTP POST payloads that exceed allocated buffer boundaries. The vulnerability stems from missing validation in HTTP body parsing logic, causing process crashes or unresponsiveness. No CVSS score or vector data is available, limiting precise severity quantification, but the practical attack vector is network-adjacent and does not require authentication.

TP-Link Heap Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A Denial-of-Service vulnerability exists in the httpd component of TP-Link TD-W8961N v4.0 routers, caused by improper input sanitization (CWE-20) that allows attackers to craft malicious requests triggering httpd service crashes. The vulnerability enables service interruption and network unavailability for affected users. Although no CVSS score or EPSS metric is publicly available, a vendor patch is already available, indicating acknowledgment of the issue's severity and exploitability.

TP-Link Denial Of Service
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

A hardcoded cryptographic key in the configuration mechanism of TP-Link Archer NX series routers (NX200, NX210, NX500, NX600) allows authenticated attackers to decrypt, modify, and re-encrypt device configuration files, compromising both confidentiality and integrity of router settings. This vulnerability affects multiple hardware versions across all four product lines, with patches now available from the vendor. While no public exploit code or active KEV status has been reported, the authenticated attack requirement and widespread deployment of these consumer routers present moderate real-world risk.

TP-Link Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

A command injection vulnerability exists in the modem-management administrative CLI of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) due to improper input handling in CLI commands. An authenticated attacker with administrative privileges can inject crafted input into vulnerable CLI parameters to execute arbitrary operating system commands, compromising the confidentiality, integrity, and availability of the device. A patch is available from TP-Link, and no public exploit or active exploitation has been confirmed at this time.

TP-Link Command Injection
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

A command injection vulnerability exists in the wireless-control administrative CLI command of TP-Link Archer NX series routers (models NX200, NX210, NX500, and NX600) due to improper input handling that allows crafted input to be executed as part of operating system commands. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary commands on the device, compromising confidentiality, integrity, and availability. Patches are available from the vendor for all affected models and versions.

TP-Link Command Injection
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

A missing authentication check in the HTTP server of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) allows unauthenticated attackers to access privileged CGI endpoints intended for authenticated administrators. An attacker can perform critical operations including firmware upload and configuration changes without providing valid credentials, effectively gaining administrative control over the device. A vendor patch is available, and this vulnerability represents a direct authentication bypass with severe real-world exploitation potential.

TP-Link Authentication Bypass
NVD VulDB
EPSS 0%
Monitor

The WiFi Extender WDR201A (hardware version 2.1, firmware LFMZX28040922V1.02) contains an unprotected UART interface exposed through accessible PCB pads, allowing information disclosure through direct hardware access. An attacker with physical access to the device can connect to the UART pins to read sensitive data, firmware contents, or configuration information without authentication. No CVSS score, EPSS metric, or KEV status is currently available, but a proof-of-concept and detailed security research have been published, confirming the vulnerability's practical exploitability.

TP-Link IoT Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Authenticated attackers can achieve root-level command execution on TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 routers by uploading a malicious configuration file through the import function, exploiting improper input validation in the port-trigger processing logic. Successful exploitation grants complete control over the affected device, allowing full compromise of the router and any connected network. A patch is available for this high-severity vulnerability.

TP-Link Command Injection Tl Wr802n V4 +2
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations.

Command Injection TP-Link
NVD
EPSS 0% CVSS 8.0
HIGH This Week

TP-Link Deco BE25 firmware versions 1.0 through 1.1.1 (Build 20250822) contain a path traversal vulnerability that allows authenticated adjacent network attackers to read arbitrary files or trigger denial of service without user interaction. The vulnerability affects the web module component and requires local network access with valid credentials to exploit. No patch is currently available for this high-severity flaw (CVSS 8.0).

TP-Link Denial Of Service Path Traversal +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available.

TP-Link Command Injection Deco Be25 Firmware
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting in TP-Link Archer C60 v3 firmware permits arbitrary JavaScript execution through malicious URLs, enabling attackers to steal credentials or hijack sessions when targeted at privileged users. The vulnerability requires user interaction to trigger but has network-accessible attack vectors with no authentication needed. No patch is currently available.

TP-Link Archer C60 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Guest users on TP-Link Tapo C260 v1 cameras can modify protected device settings by exploiting inadequate access controls on synchronization endpoints. Authenticated attackers with limited privileges can bypass restrictions to change sensitive configuration parameters without authorization. No patch is currently available for this vulnerability.

TP-Link Authentication Bypass RCE +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated attackers can execute arbitrary commands on TP-Link Tapo C260 v1 cameras through command injection in POST parameters during configuration synchronization, potentially achieving complete device compromise. The vulnerability stems from insufficient input validation and affects confidentiality, integrity, and availability with no patch currently available.

TP-Link Command Injection Tapo C260 Firmware
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

TP-Link Tapo C260 v1 firmware contains a path traversal vulnerability in HTTPS GET request handling that allows local network attackers to probe filesystem paths and determine file existence without authentication. While the vulnerability does not permit file read, write, or code execution, it enables information disclosure about the device's filesystem structure to unauthenticated local users. No patch is currently available.

TP-Link Path Traversal RCE
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. [CVSS 8.8 HIGH]

TP-Link Tapo P100 Firmware Tapo H100 Firmware
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. [CVSS 5.6 MEDIUM]

TP-Link Information Disclosure Code Injection
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Archer Ax53 Firmware versions up to 1.0 contains a vulnerability that allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) a (CVSS 8.1).

TP-Link Authentication Bypass Archer Ax53 Firmware
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. [CVSS 8.0 HIGH]

TP-Link Buffer Overflow Heap Overflow +2
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

TP-Link Archer BE230 v1.2 before 1.2.4 Build 20251218 rel.70420 is susceptible to denial-of-service attacks when an authenticated high-privilege user restores a specially crafted configuration file with excessively long parameters. The malicious configuration causes the device to become unresponsive and requires a manual reboot to restore functionality. No patch is currently available for this vulnerability.

TP-Link Archer Be230 Firmware
NVD
EPSS 0% CVSS 4.5
MEDIUM This Month

TP-Link Archer BE230 firmware v1.2 before build 20251218 rel.70420 lacks proper input validation in HTTP request processing, allowing a network-adjacent attacker with high privileges to crash the web service. An attacker exploiting this vulnerability can render the device's web interface temporarily unavailable until manual recovery or reboot occurs. No patch is currently available.

TP-Link Denial Of Service Archer Be230 Firmware
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Command injection in TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 allows authenticated administrators to execute arbitrary OS commands by importing a malicious VPN configuration file. An attacker with admin access can achieve full device compromise, affecting network configuration, security posture, and service availability. Affected versions require patching to build 20251218 rel.70420 (BE230) or 20250822 (BE25).

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

TP-Link Archer BE230 v1.2 firmware contains a command injection vulnerability in the configuration backup restoration function that allows authenticated administrators to execute arbitrary OS commands with full device privileges. An attacker with admin credentials can exploit this to completely compromise the router, affecting network configuration, security posture, and service availability. The vulnerability affects versions before 1.2.4 Build 20251218 rel.70420 and patches are available.

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 1% CVSS 8.5
HIGH PATCH This Week

Authenticated command injection in the TP-Link Archer BE230 v1.2 router (firmware prior to 1.2.4 Build 20251218 rel.70420) allows an administrator on the adjacent network to execute arbitrary OS commands via the VPN server configuration module. No public exploit identified at time of analysis, and EPSS of 0.99% (77th percentile) suggests modest near-term exploitation likelihood, though successful exploitation yields full device takeover. This CVE is one of several distinct command injection flaws disclosed across separate code paths in the same firmware.

TP-Link Command Injection
NVD VulDB
EPSS 1% CVSS 7.2
HIGH PATCH This Week

TP-Link Archer BE230 v1.2 firmware contains an OS command injection vulnerability in the cloud communication interface that allows authenticated administrators to execute arbitrary commands with full device privileges. An attacker who compromises an admin account can gain complete control over the router, compromising its configuration, network security, and availability. A patch is available for versions prior to 1.2.4 Build 20251218 rel.70420.

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Arbitrary code execution in TP-Link Archer BE230 firmware v1.2 prior to build 20251218 rel.70420 allows authenticated adjacent attackers to inject OS commands and gain full administrative control of the device. Successful exploitation compromises device configuration, network security, and service availability. A patch is available.

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Arbitrary command execution in TP-Link Archer BE230 firmware v1.2 before build 20251218 allows authenticated adjacent network attackers to achieve full device compromise through OS command injection in multiple code paths. Successful exploitation grants administrative control, enabling attackers to modify device configuration, compromise network security, and disrupt service availability. A patch is available for affected versions.

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Authenticated adjacent network attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, gaining full administrative control and compromising device configuration and network security. This command injection vulnerability exists across multiple distinct code paths within the VPN module functionality. A firmware patch is available to remediate this issue.

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Authenticated attackers on the same network segment can inject arbitrary OS commands into TP-Link Archer BE230 firmware versions before 1.2.4 Build 20251218, achieving full device compromise including administrative control. This command injection vulnerability in the VPN modules allows attackers to manipulate device configuration, disrupt network security, and disable services with high severity impact. A patch is available for affected users.

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Authenticated adjacent attackers can execute arbitrary OS commands on TP-Link Archer BE230 v1.2 devices prior to firmware build 20251218 rel.70420, achieving full administrative control. This command injection vulnerability compromises device configuration, network security, and service availability. A patch is available.

TP-Link Command Injection Archer Be230 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue.

TP-Link RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise. [CVSS 8.8 HIGH]

TP-Link Command Injection Archer Mr600 Firmware
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unauthenticated adjacent network attackers can exploit a logic vulnerability in the TDDP module of TP-Link Archer C20 v6.0 and Archer AX53 v1.0 to execute administrative commands such as factory reset and device reboot without credentials. This allows attackers to cause loss of device configuration and service disruption on vulnerable routers. No patch is currently available for this high-severity vulnerability affecting both router models.

TP-Link Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. [CVSS 7.5 HIGH]

TP-Link Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality.This issue affects Archer AXE75 v1.6: ≤ build 20250107. [CVSS 7.3 HIGH]

TP-Link Archer Axe75 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914. [CVSS 6.5 MEDIUM]

TP-Link Null Pointer Dereference Archer Be400 Firmware
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Missing authentication on the HTTPS connectAP interface in TP-Link Tapo C200 V3 firmware (versions 1.3.3 through 1.4.1) allows adjacent network attackers to remotely reconfigure device Wi-Fi settings, causing permanent denial-of-service until manual intervention. The vulnerability exploits CWE-306 (Missing Authentication for Critical Function) with CVSS 8.7 severity, requiring only adjacent network access with low attack complexity and no user interaction. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the technical barrier is minimal for LAN-positioned adversaries.

TP-Link IoT Authentication Bypass +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316, ≤ WR941ND v6 3.16.9 Build 151203.

Memory Corruption TP-Link RCE
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Improper input validation vulnerability in TP-Link System Inc. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD
EPSS 2% CVSS 7.5
HIGH This Week

TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow in minidlna-1.1.2/upnpsoap.c. Exploitation requires that a USB flash drive is connected to the router (customers often do this to make a \\192.168.0.1 share available on their local network).

Buffer Overflow TP-Link RCE +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD
EPSS 16% CVSS 8.6
HIGH KEV THREAT Act Now

TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental Control page, affecting end-of-life devices with no patch available.

RCE TP-Link
NVD
EPSS 0% CVSS 8.7
HIGH This Month

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak.1.0. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Kp303 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A buffer overflow vulnerability exists in the web service of multiple TP-Link router models including TL-WR841N v11, TL-WR842ND v2, and TL-WR494N v3, caused by missing input validation in /userRpm/WlanNetworkRpm.htm. An unauthenticated remote attacker can exploit this to crash the web service and cause a denial-of-service condition. The vulnerability has a low exploitation likelihood with EPSS score of 0.06% and affects products that are no longer supported by TP-Link.

Buffer Overflow Denial Of Service TP-Link
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Hard-coded credentials embedded in TP-Link Archer C50 (V3 through V5) and C20 V5 firmware enable attackers with local network access and limited privileges to decrypt configuration files (config.xml), potentially exposing sensitive network settings, credentials, and device state. CVSS 6.9 reflects high confidentiality impact despite local-only attack vector. EPSS score of 0.03% (10th percentile) suggests low real-world exploitation probability, contradicting the publicly disclosed vulnerability mechanics.

TP-Link Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-7460 is a critical buffer overflow vulnerability in the setWiFiAclRules function of TOTOLINK T6 routers (version 4.1.5cu.748_B20211015) that allows authenticated remote attackers to achieve code execution through malformed MAC address parameters in HTTP POST requests. The vulnerability has been publicly disclosed with proof-of-concept availability and poses immediate risk to deployed TOTOLINK T6 devices; exploitation requires valid credentials but no user interaction.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link A702r Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A command injection vulnerability in Connection Diagnostics page (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Command Injection TP-Link RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-6487 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, affecting the formRoute function's subnet parameter processing. An authenticated remote attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be treated as actively exploitable.

Buffer Overflow TP-Link Stack Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-6486 is a critical stack-based buffer overflow vulnerability in TOTOLINK A3002R router firmware version 1.1.1-B20200824.0128, affecting the formWlanMultipleAP function. An authenticated remote attacker can exploit this via manipulation of the 'submit-url' parameter to achieve code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-6402 is a critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the IPv6 setup HTTP POST handler. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code exists for this vulnerability, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

CVE-2025-6400 is a critical buffer overflow vulnerability in TOTOLINK N300RH router firmware version 6.1c.1390_B20191101, exploitable via HTTP POST requests to the /boafrm/formPortFw endpoint through manipulation of the service_type parameter. An authenticated attacker can remotely trigger this vulnerability to achieve complete system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability meets criteria for active exploitation risk due to disclosed POC and remote exploitability from an authenticated state.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

CVE-2025-6399 is a critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formIPv6Addr endpoint. An authenticated attacker can exploit the improper handling of the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability is likely to see active exploitation given its criticality and ease of exploitation.

Buffer Overflow TP-Link X15 Firmware +1
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

CVE-2025-6393 is a critical buffer overflow vulnerability in the HTTP POST request handler of TOTOLINK routers affecting models A702R, A3002R, A3002RU, and EX1200T across multiple firmware versions. An authenticated attacker can exploit this vulnerability by manipulating the 'submit-url' parameter in requests to /boafrm/formIPv6Addr to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The exploit has been publicly disclosed and may be actively exploited in the wild.

Buffer Overflow TP-Link RCE +5
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

CVE-2025-6337 is a critical buffer overflow vulnerability in TOTOLINK A3002R and A3002RU routers affecting versions 3.0.0-B20230809.1615 and 4.0.0-B20230531.1404. An authenticated attacker can exploit the 'submit-url' parameter in the /boafrm/formTmultiAP HTTP POST handler to achieve remote code execution with complete system compromise (confidentiality, integrity, and availability). Public exploit code exists and the vulnerability is exploitable over the network with low complexity.

Buffer Overflow TP-Link A3002ru Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

CVE-2025-6336 is a critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter in the /boafrm/formTmultiAP endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). Public exploit code is available and the vulnerability has been disclosed; exploitation requires valid credentials but no user interaction.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

CVE-2025-6302 is a critical stack-based buffer overflow vulnerability in TOTOLINK EX1200T router firmware version 4.1.2cu.5232_B20210713, specifically in the setStaticDhcpConfig function of /cgi-bin/cstecgi.cgi. An authenticated attacker can exploit this by sending a malicious Comment parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this actively exploitable.

Buffer Overflow TP-Link Ex1200t Firmware +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy