Skip to main content

TP-Link

440 CVEs vendor

Monthly

CVE-2025-6164 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HTTP POST request handler in the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, increasing real-world exploitation risk.

Buffer Overflow TP-Link A3002r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6163 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.

Buffer Overflow TP-Link RCE A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6162 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6151 HIGH POC This Week

Buffer overflow vulnerability in TP-Link TL-WR940N V4 and TL-WR841N V11 routers, exploitable remotely through the /userRpm/WanSlaacCfgRpm.htm endpoint. An attacker with high privileges can trigger memory corruption leading to availability impact (denial of service) or potential system compromise. This vulnerability affects end-of-life products no longer receiving vendor support, significantly limiting remediation options.

Buffer Overflow TP-Link Tl Wr940n Firmware
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.5%
CVE-2025-6150 HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6149 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an active threat to deployed devices.

Buffer Overflow TP-Link A3002r Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6148 HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.

Buffer Overflow TP-Link RCE A3002ru Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6147 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A702R router firmware (version 4.0.0-B20230721.1521) affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this vulnerability remotely by manipulating the submit-url parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, significantly elevating real-world exploitation risk.

Buffer Overflow TP-Link A702r Firmware TOTOLINK RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6146 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6145 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6144 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6143 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-6138 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow TP-Link T10 Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6137 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.

Buffer Overflow TP-Link RCE T10 Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-6130 HIGH POC This Week

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6129 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists, increasing real-world exploitation risk.

Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6128 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5911 HIGH POC This Week

A buffer overflow vulnerability in TOTOLINK EX1200T (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5910 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and may be actively exploited in the wild.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5909 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formReflashClientTbl endpoint. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed, making this an active threat with demonstrated proof-of-concept availability.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5908 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The exploit has been publicly disclosed and proof-of-concept code is available, making this a high-priority threat for affected deployments.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5907 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at the /boafrm/formFilter endpoint. An authenticated remote attacker can exploit this vulnerability to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for deployed devices.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5905 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.

Buffer Overflow TP-Link RCE T10 Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5904 HIGH POC This Week

A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.

Buffer Overflow TP-Link RCE T10 Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5903 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.

Buffer Overflow TP-Link RCE T10 Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5902 HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.

Buffer Overflow TP-Link RCE T10 Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5901 HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.

Buffer Overflow TP-Link RCE T10 Firmware TOTOLINK
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5875 HIGH POC This Week

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE IoT Tl Ipc544ep W4 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5793 HIGH POC This Week

A critical buffer overflow vulnerability exists in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated attacker can exploit this by manipulating the 'service_type' parameter to achieve remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.8). Public exploits are available, making this an active threat.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5792 HIGH POC This Week

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE Ex1200t Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-5790 HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit improper input validation on the 'mac' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad). Public exploit disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.

Buffer Overflow TP-Link X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-5789 HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5788 HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler at endpoint /boafrm/formReflashClientTbl. An authenticated remote attacker can exploit improper argument validation in the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code exists and the vulnerability meets CISA KEV criteria for active exploitation risk.

Buffer Overflow TP-Link X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-5787 HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, creating immediate risk for affected deployments.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-5786 HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST handler. An authenticated attacker can exploit a malformed 'submit-url' parameter in the /boafrm/formDMZ endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A proof-of-concept exploit has been publicly disclosed, and the vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-5739 HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated attacker can exploit the unsanitized 'submit-url' parameter to trigger a buffer overflow, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit proof-of-concept available, creating immediate real-world risk.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-5738 HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formStats. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability is actively exploitable.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5737 HIGH This Week

Critical remote buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formDosCfg. An authenticated attacker can exploit improper input validation of the 'submit-url' parameter to achieve buffer overflow, leading to complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exploit exists, increasing real-world exploitation risk.

Buffer Overflow TP-Link X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5736 HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the NTP configuration handler (/boafrm/formNtp). An authenticated attacker can remotely trigger a buffer overflow via the 'submit-url' parameter in HTTP POST requests, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5735 HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 wireless router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formSetLg endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this an actively exploitable vulnerability with demonstrated proof-of-concept.

Buffer Overflow TP-Link RCE X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5734 HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formWlanRedirect endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'redirect-url' parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, significantly increasing real-world exploitation risk.

Buffer Overflow TP-Link X15 Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-5672 HIGH This Week

Critical remote buffer overflow vulnerability in TOTOLINK N302R Plus routers up to version 3.4.0-B20201028, affecting the HTTP POST request handler in the /boafrm/formFilter endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'url' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad fully compromised). The vulnerability has public exploit disclosure and represents an active real-world threat to deployed TOTOLINK router infrastructure.

Buffer Overflow TP-Link RCE N302r Plus Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5671 HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK N302R Plus router firmware (versions up to 3.4.0-B20201028) in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated remote attacker can exploit this by manipulating the 'service_type' parameter to cause buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability shows strong indicators of active exploitation risk.

Buffer Overflow TP-Link RCE N302r Plus Firmware TOTOLINK
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-5600 CRITICAL POC Act Now

Buffer overflow in TOTOLINK EX1200T via setLanguageCfg. EPSS 0.52%. PoC available.

Buffer Overflow TP-Link Ex1200t Firmware TOTOLINK
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2025-40634 CRITICAL This Week

Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Buffer Overflow RCE Stack Overflow
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2025-25427 HIGH POC This Week

A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Wr841N Firmware
NVD GitHub
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-3442 MEDIUM This Month

This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
CVSS 4.0
4.4
EPSS
0.1%
CVE-2024-57049 CRITICAL POC THREAT Emergency

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%.

TP-Link Authentication Bypass Archer C20 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
48.8%
Threat
4.9
CVE-2025-25901 HIGH POC This Week

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Denial Of Service Tl Wr841Nd Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-25900 MEDIUM This Month

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Buffer Overflow Denial Of Service Tl Wr841Nd V11 Firmware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-25899 LOW Monitor

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

TP-Link Buffer Overflow Denial Of Service Tl Wr841Nd V11 Firmware
NVD GitHub
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-25898 HIGH POC This Week

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Denial Of Service Tl Wr841Nd Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-25897 HIGH POC This Week

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Denial Of Service Tl Wr841Nd Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-57514 MEDIUM POC This Month

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

TP-Link XSS
NVD
CVSS 3.1
4.8
EPSS
7.5%
CVE-2025-0730 MEDIUM POC This Month

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Sg108E Firmware
NVD VulDB GitHub
CVSS 4.0
6.3
EPSS
0.5%
CVE-2025-0729 MEDIUM This Month

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD VulDB GitHub
CVSS 4.0
6.9
EPSS
0.3%
CVE-2024-54887 HIGH This Week

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow TP-Link Tl Wr940n Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2024-46341 HIGH This Week

TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-46340 CRITICAL Act Now

TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-50699 HIGH POC This Week

TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-12344 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow TP-Link Vn020 F3V Firmware
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.3
EPSS
1.8%
CVE-2024-12343 HIGH This Week

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow TP-Link Vn020 F3V Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
4.7%
CVE-2024-12342 HIGH POC This Week

A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Denial Of Service
NVD GitHub VulDB Exploit-DB
CVSS 4.0
7.1
EPSS
8.9%
CVE-2024-54127 MEDIUM This Month

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
CVSS 4.0
4.3
EPSS
0.2%
CVE-2024-54126 HIGH This Week

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Jwt Attack Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-53375 HIGH This Week

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection RCE
NVD GitHub
CVSS 3.1
8.0
EPSS
40.7%
CVE-2024-53623 HIGH This Week

Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-48288 HIGH POC THREAT This Week

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Ipc42C Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
10.3%
CVE-2024-11237 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Vn020 F3V T Firmware
NVD GitHub VulDB Exploit-DB
CVSS 4.0
8.7
EPSS
5.2%
CVE-2024-10523 MEDIUM This Month

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure Tapo H100 Firmware
NVD
CVSS 4.0
4.4
EPSS
0.1%
CVE-2024-48714 MEDIUM POC This Month

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48713 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48712 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-48710 MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-46325 MEDIUM This Month

TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link Wr740N Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-46486 HIGH POC This Week

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection RCE Tl Wdr5620 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-35495 MEDIUM This Month

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-46549 HIGH This Week

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation TP-Link
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-46548 MEDIUM This Month

TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-46313 HIGH This Week

TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link Wr941Nd Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
2.3%
CVE-2024-9284 HIGH This Week

A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link Tl Wr841Nd Firmware
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
1.0%
CVE-2024-42815 CRITICAL POC Act Now

In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Memory Corruption Re365 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-4224 MEDIUM This Month

An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link XSS
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-38471 MEDIUM This Month

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-21827 HIGH POC This Week

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Er7206 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-37662 MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-37661 MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2024-5244 MEDIUM This Month

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

TP-Link RCE Omada Er605 Firmware
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2024-5243 HIGH This Week

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE TP-Link Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-5242 HIGH This Week

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link RCE Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002R router firmware version 4.0.0-B20230531.1404, affecting the HTTP POST request handler in the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, increasing real-world exploitation risk.

Buffer Overflow TP-Link A3002r Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002RU routers (version 3.0.0-B20230809.1615 and potentially others) affecting the HTTP POST request handler at endpoint /boafrm/formMultiAP. An authenticated attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists and the vulnerability is actively exploitable.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.2
HIGH POC This Week

Buffer overflow vulnerability in TP-Link TL-WR940N V4 and TL-WR841N V11 routers, exploitable remotely through the /userRpm/WanSlaacCfgRpm.htm endpoint. An attacker with high privileges can trigger memory corruption leading to availability impact (denial of service) or potential system compromise. This vulnerability affects end-of-life products no longer receiving vendor support, significantly limiting remediation options.

Buffer Overflow TP-Link Tl Wr940n Firmware
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formMultiAP endpoint. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exists and the vulnerability is actively exploitable without user interaction.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A3002R firmware version 4.0.0-B20230531.1404 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an active threat to deployed devices.

Buffer Overflow TP-Link A3002r Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK A3002RU firmware version 3.0.0-B20230809.1615 affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this via manipulation of the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and represents an active threat to deployed devices.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK A702R router firmware (version 4.0.0-B20230721.1521) affecting the HTTP POST request handler for the /boafrm/formSysLog endpoint. An authenticated attacker can exploit this vulnerability remotely by manipulating the submit-url parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, significantly elevating real-world exploitation risk.

Buffer Overflow TP-Link A702r Firmware +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link X15 Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow TP-Link T10 Firmware +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists, increasing real-world exploitation risk.

Buffer Overflow TP-Link Ex1200t Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in TOTOLINK EX1200T (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and may be actively exploited in the wild.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formReflashClientTbl endpoint. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploit code has been disclosed, making this an active threat with demonstrated proof-of-concept availability.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless routers (up to version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability). The exploit has been publicly disclosed and proof-of-concept code is available, making this a high-priority threat for affected deployments.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK EX1200T routers (firmware versions up to 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at the /boafrm/formFilter endpoint. An authenticated remote attacker can exploit this vulnerability to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, creating immediate risk for deployed devices.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the WiFi repeater configuration function. An authenticated remote attacker can exploit this vulnerability by sending a malicious POST request with an oversized Password parameter to /cgi-bin/cstecgi.cgi, achieving complete compromise of the device including arbitrary code execution. Public disclosure and proof-of-concept code availability significantly elevate real-world risk despite requiring authenticated access.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A critical buffer overflow vulnerability exists in TOTOLINK T10 firmware version 4.1.8cu.5207 in the setWiFiMeshName function of the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated remote attacker can overflow the device_name parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, elevating real-world risk despite the requirement for authenticated access.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiAclRules function in the POST request handler (/cgi-bin/cstecgi.cgi). An authenticated attacker can remotely exploit this vulnerability by manipulating the 'desc' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, elevating real-world exploitation risk despite requiring low-privilege authentication.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical remote buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setUpgradeFW function in the POST request handler. An authenticated remote attacker can exploit improper input validation on the slaveIpList parameter to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability has public exploit code available and represents an actively exploitable threat.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the UploadCustomModule function in the POST request handler at /cgi-bin/cstecgi.cgi. An authenticated remote attacker can exploit this vulnerability by manipulating the File argument to achieve buffer overflow, resulting in complete system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit disclosure and represents an immediate threat to affected devices.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability in A vulnerability classified as critical (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

A critical buffer overflow vulnerability exists in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated attacker can exploit this by manipulating the 'service_type' parameter to achieve remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.8). Public exploits are available, making this an active threat.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit improper input validation on the 'mac' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad). Public exploit disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.

Buffer Overflow TP-Link X15 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler at endpoint /boafrm/formReflashClientTbl. An authenticated remote attacker can exploit improper argument validation in the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code exists and the vulnerability meets CISA KEV criteria for active exploitation risk.

Buffer Overflow TP-Link X15 Firmware +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, creating immediate risk for affected deployments.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST handler. An authenticated attacker can exploit a malformed 'submit-url' parameter in the /boafrm/formDMZ endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A proof-of-concept exploit has been publicly disclosed, and the vulnerability may be actively exploited in the wild.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated attacker can exploit the unsanitized 'submit-url' parameter to trigger a buffer overflow, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit proof-of-concept available, creating immediate real-world risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formStats. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability is actively exploitable.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Critical remote buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formDosCfg. An authenticated attacker can exploit improper input validation of the 'submit-url' parameter to achieve buffer overflow, leading to complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exploit exists, increasing real-world exploitation risk.

Buffer Overflow TP-Link X15 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the NTP configuration handler (/boafrm/formNtp). An authenticated attacker can remotely trigger a buffer overflow via the 'submit-url' parameter in HTTP POST requests, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 wireless router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formSetLg endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this an actively exploitable vulnerability with demonstrated proof-of-concept.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formWlanRedirect endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'redirect-url' parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, significantly increasing real-world exploitation risk.

Buffer Overflow TP-Link X15 Firmware +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Critical remote buffer overflow vulnerability in TOTOLINK N302R Plus routers up to version 3.4.0-B20201028, affecting the HTTP POST request handler in the /boafrm/formFilter endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'url' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad fully compromised). The vulnerability has public exploit disclosure and represents an active real-world threat to deployed TOTOLINK router infrastructure.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A critical buffer overflow vulnerability exists in TOTOLINK N302R Plus router firmware (versions up to 3.4.0-B20201028) in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated remote attacker can exploit this by manipulating the 'service_type' parameter to cause buffer overflow, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability shows strong indicators of active exploitation risk.

Buffer Overflow TP-Link RCE +2
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in TOTOLINK EX1200T via setLanguageCfg. EPSS 0.52%. PoC available.

Buffer Overflow TP-Link Ex1200t Firmware +1
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL This Week

Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 8.6
HIGH POC This Week

A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Wr841N Firmware
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
EPSS 49% 4.9 CVSS 9.8
CRITICAL POC THREAT Emergency

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%.

TP-Link Authentication Bypass Archer C20 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC This Week

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

TP-Link Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +2
NVD GitHub
EPSS 7% CVSS 4.8
MEDIUM POC This Month

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

TP-Link XSS
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Sg108E Firmware
NVD VulDB GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD VulDB GitHub
EPSS 2% CVSS 8.0
HIGH This Week

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow TP-Link +1
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
EPSS 0% CVSS 8.0
HIGH POC This Week

TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Wr845n Firmware
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow TP-Link Vn020 F3V Firmware
NVD GitHub VulDB Exploit-DB
EPSS 5% CVSS 7.1
HIGH This Week

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow TP-Link Vn020 F3V Firmware
NVD GitHub VulDB
EPSS 9% CVSS 7.1
HIGH POC This Week

A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Denial Of Service
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM This Month

This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
EPSS 0% CVSS 8.5
HIGH This Week

This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Jwt Attack Information Disclosure
NVD
EPSS 41% CVSS 8.0
HIGH This Week

An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection RCE
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link
NVD GitHub
EPSS 10% CVSS 8.0
HIGH POC THREAT This Week

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Ipc42C Firmware
NVD GitHub
EPSS 5% CVSS 8.7
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Vn020 F3V T Firmware
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 4.4
MEDIUM This Month

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required. No vendor patch available.

TP-Link Information Disclosure Tapo H100 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection RCE +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.6
HIGH This Week

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation TP-Link
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 7.1
HIGH This Week

A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

An authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link XSS
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Er7206 Firmware
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl 7Dr5130 Firmware
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM This Month

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

TP-Link RCE Omada Er605 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow RCE TP-Link +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link +2
NVD
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy