Skip to main content

TP-Link

440 CVEs vendor

Monthly

CVE-2018-19528 CRITICAL POC Act Now

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-18428 HIGH POC THREAT This Week

TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Sc3130 Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
11.5%
CVE-2018-15702 HIGH This Week

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF TP-Link Tl Wrn841N Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-15701 MEDIUM This Month

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Tl Wrn841N Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-15700 MEDIUM This Month

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Tl Wrn841N Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-5393 CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization TP-Link Eap Controller
NVD
CVSS 3.0
9.8
EPSS
12.9%
CVE-2018-17018 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17017 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17016 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17015 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17014 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17013 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17012 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17011 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17010 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17009 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17008 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17007 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17006 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17005 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-17004 MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-15172 HIGH POC This Week

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr840N Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.3%
CVE-2018-14336 HIGH POC This Week

TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Wr840N
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.3%
CVE-2018-13134 MEDIUM POC This Month

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Archer C1200 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-12577 HIGH This Week

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Wr841n Firmware
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-12576 MEDIUM This Month

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS TP-Link Tl Wr841n Firmware
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-12575 CRITICAL Act Now

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Tl Wr841n Firmware
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-12574 HIGH This Week

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF TP-Link Tl Wr841n Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-12694 HIGH POC This Week

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wa850Re Firmware
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-12693 MEDIUM POC THREAT This Month

Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow TP-Link Tl Wa850Re Firmware
NVD
CVSS 3.0
6.5
EPSS
15.8%
CVE-2018-12692 HIGH POC THREAT This Week

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wa850Re Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
29.1%
CVE-2018-11714 CRITICAL POC THREAT Act Now

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure TP-Link Tl Wr840N Firmware Tl Wr841n Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
36.5%
CVE-2018-11482 CRITICAL Act Now

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Ipc Tl Ipc223 P 6 Firmware Tl Ipc323K D Firmware Tl Ipc325 Kp Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11481 HIGH This Week

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE TP-Link Ipc Tl Ipc223 P 6 Firmware Tl Ipc323K D Firmware Tl Ipc325 Kp Firmware +1
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-10168 HIGH POC This Week

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-10167 HIGH POC This Week

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Eap Controller
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-10166 HIGH POC This Week

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Eap Controller
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-10165 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10164 MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2017-17747 MEDIUM POC This Month

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Denial Of Service Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17746 MEDIUM POC This Month

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2017-17745 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS TP-Link Java Tl Sg108E Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-17758 HIGH POC This Week

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr450L Firmware Tl Wvr458L Firmware Tl Wvr900L Firmware +12
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2017-17757 HIGH POC This Week

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr450L Firmware Tl Wvr458L Firmware Tl Wvr900L Firmware +12
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2017-16960 HIGH This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Er5510G Tl Er5520G Tl Er6120G +51
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-16959 MEDIUM POC This Month

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Path Traversal Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-16958 HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2017-16957 HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware Tl Wvr302 Firmware Tl Wvr450 Firmware +48
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2017-13772 HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.7%.

Buffer Overflow TP-Link RCE Wr940N Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
52.7%
Threat
4.8
CVE-2017-15291 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Tl Mr3220 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-11519 CRITICAL POC THREAT Emergency

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

TP-Link Information Disclosure Archer C9 2 0 Firmware
NVD
CVSS 3.0
9.8
EPSS
13.2%
CVE-2017-10796 MEDIUM This Month

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Authentication Bypass Nc250 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2017-9466 CRITICAL POC Act Now

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Wr841N V8 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2017-8220 CRITICAL POC Act Now

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Command Injection C2 Firmware C20I Firmware
NVD
CVSS 3.0
9.9
EPSS
3.8%
CVE-2017-8219 MEDIUM POC This Month

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure C2 Firmware C20I Firmware
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8218 CRITICAL POC Act Now

vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure C2 Firmware C20I Firmware
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2017-8217 MEDIUM POC This Month

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass C2 Firmware C20I Firmware
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-8078 MEDIUM POC This Month

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-8077 HIGH POC This Week

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2017-8076 CRITICAL POC Act Now

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Sg108E Firmware
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-8075 CRITICAL POC Act Now

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Sg108E Firmware
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-8074 CRITICAL POC Act Now

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Sg108E Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2016-1000009 HIGH This Week

TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2015-3036 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Netgear Linux Buffer Overflow TP-Link RCE +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
70.1%
Threat
5.6
CVE-2015-3035 HIGH POC KEV THREAT Act Now

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal TP-Link
NVD VulDB
CVSS 3.1
7.5
EPSS
93.1%
Threat
7.3
CVE-2014-9510 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF TP-Link Tl Wr840N Firmware
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2014-9350 MEDIUM POC THREAT This Month

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service TP-Link Tl Wr740N Firmware Tl Wr740N
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
13.0%
CVE-2013-2645 CRITICAL POC Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF TP-Link Firmware
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
0.5%
CVE-2014-4728 MEDIUM POC This Month

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wdr4300 Firmware Tl Wdr4300
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-4727 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS TP-Link Tl Wdr4300 Firmware Tl Wdr4300
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6316 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS TP-Link Tl Wr841n Firmware Tl Wr841N
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6786 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS Zyxel Huawei +7
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2581 HIGH POC THREAT Act Now

cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

Privilege Escalation TP-Link Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
16.5%
CVE-2013-2580 HIGH POC This Week

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload TP-Link Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
7.8%
CVE-2013-2579 CRITICAL POC THREAT Emergency

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

TP-Link Authentication Bypass Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
17.8%
Threat
4.0
CVE-2013-2578 CRITICAL POC THREAT Emergency

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Command Injection TP-Link Tl Sc3130 Tl Sc3130G Tl Sc3171 +2
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
72.3%
Threat
5.7
CVE-2013-3688 HIGH POC This Week

The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service TP-Link Tl Sc3130 Tl Sc3130G +3
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2012-6276 MEDIUM POC This Month

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal TP-Link Tl Wr841n Firmware Tl Wr841N
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
9.4%
CVE-2012-5687 HIGH POC THREAT Act Now

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%.

Path Traversal TP-Link Tl Wr841N Tl Wr841n Firmware
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
67.5%
Threat
5.1
CVE-2012-2440 HIGH This Week

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation TP-Link 8840T
NVD
CVSS 2.0
7.5
EPSS
0.5%
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow TP-Link +1
NVD GitHub
EPSS 11% CVSS 7.5
HIGH POC THREAT This Week

TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tl Sc3130 Firmware
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF TP-Link Tl Wrn841N Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Tl Wrn841N Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Tl Wrn841N Firmware
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Deserialization +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr886N Firmware
NVD GitHub
EPSS 8% CVSS 7.5
HIGH POC This Week

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr840N Firmware
NVD Exploit-DB
EPSS 8% CVSS 7.5
HIGH POC This Week

TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Wr840N
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Archer C1200 Firmware
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH This Week

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Wr841n Firmware
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS TP-Link Tl Wr841n Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Tl Wr841n Firmware
NVD
EPSS 0% CVSS 8.8
HIGH This Week

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF TP-Link Tl Wr841n Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wa850Re Firmware
NVD
EPSS 16% CVSS 6.5
MEDIUM POC THREAT This Month

Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD
EPSS 29% CVSS 8.8
HIGH POC THREAT This Week

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wa850Re Firmware
NVD Exploit-DB
EPSS 37% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure TP-Link +2
NVD Exploit-DB
EPSS 1% CVSS 9.8
CRITICAL Act Now

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Ipc Tl Ipc223 P 6 Firmware +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE TP-Link Ipc Tl Ipc223 P 6 Firmware +3
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation TP-Link Eap Controller
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass TP-Link Eap Controller
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF TP-Link Eap Controller
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Eap Controller
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Denial Of Service Authentication Bypass +1
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS TP-Link Java +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr450L Firmware +14
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr450L Firmware +14
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

TP-Link Command Injection Tl Er5510G +53
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Path Traversal Tl Wvr300 Firmware +50
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware +50
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wvr300 Firmware +50
NVD GitHub
EPSS 53% 4.8 CVSS 8.8
HIGH POC THREAT Act Now

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.7%.

Buffer Overflow TP-Link RCE +1
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS TP-Link Tl Mr3220 Firmware
NVD Exploit-DB
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

TP-Link Information Disclosure Archer C9 2 0 Firmware
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Authentication Bypass Nc250 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Wr841N V8 Firmware
NVD
EPSS 4% CVSS 9.9
CRITICAL POC Act Now

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link RCE Command Injection +2
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure C2 Firmware +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure C2 Firmware +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass C2 Firmware +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Sg108E Firmware
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Sg108E Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Sg108E Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Information Disclosure Tl Sg108E Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link
NVD
EPSS 70% 5.6 CVSS 10.0
CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Netgear Linux Buffer Overflow +3
NVD Exploit-DB
EPSS 93% 7.3 CVSS 7.5
HIGH POC KEV THREAT Act Now

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Path Traversal TP-Link
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF TP-Link Tl Wr840N Firmware
NVD
EPSS 13% CVSS 5.0
MEDIUM POC THREAT This Month

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service TP-Link Tl Wr740N Firmware +1
NVD Exploit-DB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal CSRF TP-Link +1
NVD Exploit-DB
EPSS 1% CVSS 5.0
MEDIUM POC This Month

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wdr4300 Firmware +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS TP-Link Tl Wdr4300 Firmware +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS TP-Link Tl Wr841n Firmware +1
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

D-Link TP-Link XSS +9
NVD
EPSS 16% CVSS 7.8
HIGH POC THREAT Act Now

cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

Privilege Escalation TP-Link Tl Sc3130 +4
NVD Exploit-DB
EPSS 8% CVSS 7.1
HIGH POC This Week

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload TP-Link Tl Sc3130 +4
NVD Exploit-DB
EPSS 18% 4.0 CVSS 10.0
CRITICAL POC THREAT Emergency

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

TP-Link Authentication Bypass Tl Sc3130 +4
NVD Exploit-DB
EPSS 72% 5.7 CVSS 10.0
CRITICAL POC THREAT Emergency

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%.

Command Injection TP-Link Tl Sc3130 +4
NVD Exploit-DB
EPSS 1% CVSS 7.1
HIGH POC This Week

The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service TP-Link +5
NVD
EPSS 9% CVSS 4.3
MEDIUM POC This Month

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal TP-Link Tl Wr841n Firmware +1
NVD Exploit-DB
EPSS 67% 5.1 CVSS 7.8
HIGH POC THREAT Act Now

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%.

Path Traversal TP-Link Tl Wr841N +1
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation TP-Link 8840T
NVD
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy