Skip to main content

TP-Link

440 CVEs vendor

Monthly

CVE-2024-5228 HIGH This Week

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE TP-Link Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-5227 HIGH This Week

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

TP-Link Command Injection RCE Omada Er605 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-31340 MEDIUM This Month

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-1180 HIGH This Week

TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection RCE Omada Er605 Firmware
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-1179 HIGH This Week

TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link RCE Omada Er605 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6437 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection TP-Link
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-25139 CRITICAL Act Now

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE TP-Link Omada Er605 Firmware
NVD GitHub
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-2188 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link XSS Archer Ax50 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2024-21833 HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Deco X50 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-21821 HIGH This Month

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Archer Axe75 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2024-21773 HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Deco X50 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27098 HIGH POC This Week

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tapo
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-34829 MEDIUM POC This Month

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tapo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-39610 MEDIUM POC This Month

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tapo C100 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-46539 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46538 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46537 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46536 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46535 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46534 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46527 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46526 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46525 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46523 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46522 CRITICAL POC Act Now

TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46521 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46520 CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46373 CRITICAL POC Act Now

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46371 CRITICAL POC Act Now

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wdr7660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-43135 CRITICAL POC Act Now

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Er5120G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40357 HIGH This Week

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax50 Firmware Archer A10 Firmware Archer Ax10 Firmware +1
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-36489 HIGH This Week

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Wr902Ac Firmware Tl Wr802N Firmware Tl Wr841n Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31188 HIGH This Week

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer C55 Firmware Archer C50 V3 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-39751 CRITICAL POC Act Now

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr941Nd V6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.8%
CVE-2023-39748 HIGH POC This Week

An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr1041N V2 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39747 CRITICAL POC Act Now

TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr940N V2 Firmware Tl Wr941Nd V5 Firmware Tl Wr841N V8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.8%
CVE-2023-39745 HIGH POC This Week

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940N V2 Firmware Tl Wr941Nd V5 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31710 CRITICAL Act Now

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow TP-Link Archer Ax21 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-30383 HIGH This Week

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Buffer Overflow Archer C2 V1 Firmware Archer C20 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-36359 HIGH POC This Week

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-36358 HIGH POC This Week

TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +2
NVD GitHub
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-36357 HIGH POC This Week

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware Tl Wr941Nd Firmware
NVD GitHub
CVSS 3.1
7.7
EPSS
0.8%
CVE-2023-36356 HIGH POC This Week

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service TP-Link Tl Wr940n Firmware +3
NVD GitHub
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-36355 CRITICAL POC THREAT Act Now

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.9
EPSS
31.7%
CVE-2023-36354 HIGH POC This Week

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34832 CRITICAL POC Act Now

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Buffer Overflow Archer Ax10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29562 CRITICAL POC Act Now

TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wpa7510 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27836 CRITICAL POC Act Now

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa8630P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-27837 CRITICAL POC Act Now

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa8630P Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-28478 HIGH This Week

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow TP-Link Ec70 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33538 HIGH POC KEV THREAT This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wr940n Firmware Tl Wr841n Firmware Tl Wr740N Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
41.9%
CVE-2023-33537 HIGH POC This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-33536 HIGH POC This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-27126 MEDIUM POC This Month

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tapo C200 Firmware
NVD VulDB
CVSS 3.1
4.6
EPSS
0.4%
CVE-2023-31756 MEDIUM POC This Month

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Archer Vr1600V Firmware
NVD
CVSS 3.1
6.7
EPSS
1.8%
CVE-2023-31701 HIGH POC This Week

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa4530 Kit Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-31700 HIGH POC This Week

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa4530 Kit Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-2646 MEDIUM This Month

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service TP-Link Archer C7 Firmware
NVD VulDB
CVSS 3.1
4.5
EPSS
0.3%
CVE-2023-28368 MEDIUM This Month

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link T2600G 28Sq Firmware
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-27078 CRITICAL POC Act Now

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Mr3020 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-1389 HIGH POC KEV THREAT This Week

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Archer Ax21 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
100.0%
CVE-2023-23040 HIGH PATCH This Week

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure TP-Link Tl Wr940n Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-0936 MEDIUM POC This Month

A vulnerability was found in TP-Link Archer C50 V2_160801. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Archer C50
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-22303 CRITICAL Act Now

TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Authentication Bypass Tl Sg105Pe Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-48194 HIGH POC THREAT This Week

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE TP-Link File Upload Tl Wr902Ac Firmware
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
33.5%
CVE-2022-46914 HIGH This Week

An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa801N Firmware Tl Wa801Nd V1 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46912 HIGH This Week

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr841n Firmware Tl Wr841Nd V7 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46910 HIGH This Week

An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa901N Firmware Tl Wa901Nd V1 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46435 HIGH This Week

An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr941Nd V2 Firmware Tl Wr941Nd V3 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-46434 HIGH This Week

An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wa7510N V1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-46432 HIGH This Week

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr743Nd V1 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-46430 MEDIUM This Month

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr740N V1 Firmware Tl Wr740N V2 Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46428 MEDIUM This Month

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service Tl Wr1043Nd V1 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2022-46139 MEDIUM This Month

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Denial Of Service Tl Wr940N V4 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-41783 MEDIUM This Month

tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure TP-Link Re3000 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-4296 MEDIUM POC This Month

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Wr740N Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-41541 HIGH POC This Week

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Ax10 Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2022-41540 MEDIUM POC This Month

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Ax10 Firmware
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-42202 MEDIUM POC This Month

TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Tl Wr841n Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-37860 CRITICAL POC PATCH THREAT Act Now

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

TP-Link Command Injection M7350 Firmware
NVD
CVSS 3.1
9.8
EPSS
80.0%
CVE-2021-42232 CRITICAL Act Now

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer A7 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-34555 CRITICAL POC THREAT Act Now

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE TP-Link Tl R473G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
20.5%
CVE-2022-30024 HIGH This Week

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Buffer Overflow RCE Tl Wr841 Firmware Tl Wr841n Firmware +1
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-32058 HIGH POC This Week

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr741N Firmware Tl Wr742N Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-33087 HIGH POC This Week

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption TP-Link Buffer Overflow Archer A5 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-30075 HIGH POC THREAT Act Now

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

TP-Link RCE Archer Ax50 Firmware
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
37.2%
Threat
4.4
CVE-2022-29402 MEDIUM POC This Month

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Tl Wr840N Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-26988 HIGH POC This Week

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption TP-Link Buffer Overflow RCE Tl Wdr7660 Firmware +5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-26987 HIGH POC This Week

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption TP-Link Buffer Overflow RCE Tl Wdr7660 Firmware +5
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-26642 HIGH POC This Week

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Buffer Overflow Tl Wr840N Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
EPSS 1% CVSS 7.5
HIGH This Week

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

TP-Link Command Injection RCE +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

TP-Link Information Disclosure
NVD
EPSS 1% CVSS 8.0
HIGH This Week

TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow TP-Link +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection TP-Link
NVD VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE TP-Link +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link XSS Archer Ax50 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware +4
NVD
EPSS 0% CVSS 8.0
HIGH This Month

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware +2
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware +3
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tapo
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tapo
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tapo C100 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Er5120G Firmware
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax50 Firmware +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Wr902Ac Firmware +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer C55 Firmware +1
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr1041N V2 Firmware
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr940N V2 Firmware +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Buffer Overflow +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link +3
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC This Week

TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link +4
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC This Week

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr940n Firmware +2
NVD GitHub
EPSS 1% CVSS 7.7
HIGH POC This Week

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +5
NVD GitHub
EPSS 32% CVSS 9.9
CRITICAL POC THREAT Act Now

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link +4
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Buffer Overflow Archer Ax10 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa8630P Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa8630P Firmware
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow TP-Link +1
NVD GitHub
EPSS 42% CVSS 8.8
HIGH POC KEV THREAT This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wr940n Firmware +2
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure TP-Link +3
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure TP-Link +3
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tapo C200 Firmware
NVD VulDB
EPSS 2% CVSS 6.7
MEDIUM POC This Month

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Archer Vr1600V Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa4530 Kit Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa4530 Kit Firmware
NVD GitHub
EPSS 0% CVSS 4.5
MEDIUM This Month

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service TP-Link Archer C7 Firmware
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM This Month

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link T2600G 28Sq Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Mr3020 Firmware
NVD GitHub
EPSS 100% CVSS 8.8
HIGH POC KEV THREAT This Week

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Archer Ax21 Firmware
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure TP-Link Tl Wr940n Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A vulnerability was found in TP-Link Archer C50 V2_160801. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Archer C50
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Authentication Bypass Tl Sg105Pe Firmware
NVD
EPSS 33% CVSS 8.8
HIGH POC THREAT This Week

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE TP-Link +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE TP-Link Denial Of Service +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE TP-Link Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE TP-Link Denial Of Service +1
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service +4
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE TP-Link Denial Of Service +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Denial Of Service Tl Wr940N V4 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure TP-Link Re3000 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Wr740N Firmware
NVD VulDB
EPSS 1% CVSS 8.1
HIGH POC This Week

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Ax10 Firmware
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC This Month

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Ax10 Firmware
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Tl Wr841n Firmware
NVD
EPSS 80% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

TP-Link Command Injection M7350 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer A7 Firmware
NVD GitHub VulDB
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE TP-Link Tl R473G Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Buffer Overflow RCE +3
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr741N Firmware +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption TP-Link +3
NVD GitHub
EPSS 37% 4.4 CVSS 8.8
HIGH POC THREAT Act Now

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%.

TP-Link RCE Archer Ax50 Firmware
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Tl Wr840N Firmware
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption TP-Link Buffer Overflow +7
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC This Week

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption TP-Link Buffer Overflow +7
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Buffer Overflow Tl Wr840N Firmware
NVD GitHub
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy