25
CVEs
0
Critical
20
High
0
KEV
0
PoC
3
Unpatched C/H
80.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
20
MEDIUM
4
LOW
0
Monthly CVE Trend
Affected Products (30)
Ex1200t Firmware
19
X15 Firmware
16
Archer Be230 Firmware
11
Archer Ax53 Firmware
10
T10 Firmware
7
A3002r Firmware
6
A3002ru Firmware
4
Archer Ax5400 Firmware
3
Archer Axe75 Firmware
3
Archer Ax3000 Firmware
3
IoT
3
A702r Firmware
3
Tl Wr841Nd Firmware
3
Deco X50 Firmware
2
Deco Xe200 Firmware
2
Tl Wr940n Firmware
2
N302r Plus Firmware
2
Tapo C260 Firmware
2
Tl Wr841Nd V11 Firmware
2
Deco Be25 Firmware
2
Wr841N Firmware
1
T6 Firmware
1
Tapo C200 Firmware
1
Archer C60 Firmware
1
Tapo D100C V1 0
1
Tapo H100 Firmware
1
Tapo L535E V1 0 V3 0
1
Tapo P100 Firmware
1
Tapo P300 V1 0
1
Tl Ipc544ep W4 Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-3294 | An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a lo | HIGH | 8.7 | 0.1% | 44 |
|
| CVE-2026-34121 | TP-Link Tapo C520WS v2.6 contains an authentication bypass in its HTTP-based DS configuration service that allows unauthenticated attackers to execute privileged device configuration actions by appending authentication-exempt parameters to requests. The vulnerability stems from inconsistent JSON request parsing and authorization logic, enabling unauthorized modification of device state without requiring valid credentials. No public exploit code has been identified at time of analysis, and a vendor-released patch is available. | HIGH | 8.7 | 0.1% | 44 |
|
| CVE-2025-15517 | A missing authentication check in the HTTP server of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) allows unauthenticated attackers to access privileged CGI endpoints intended for authenticated administrators. An attacker can perform critical operations including firmware upload and configuration changes without providing valid credentials, effectively gaining administrative control over the device. A vendor patch is available, and this vulnerability represents a direct authentication bypass with severe real-world exploitation potential. | HIGH | 8.6 | 0.0% | 43 |
|
| CVE-2026-3841 | A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. | HIGH | 8.5 | 0.5% | 43 |
No patch
|
| CVE-2026-3227 | Authenticated attackers can achieve root-level command execution on TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 routers by uploading a malicious configuration file through the import function, exploiting improper input validation in the port-trigger processing logic. Successful exploitation grants complete control over the affected device, allowing full compromise of the router and any connected network. A patch is available for this high-severity vulnerability. | HIGH | 8.5 | 0.4% | 43 |
|
| CVE-2026-30818 | OS command injection in TP-Link Archer AX53 v1.0 dnsmasq module allows authenticated adjacent attackers to execute arbitrary code through maliciously crafted configuration files. Successful exploitation enables device configuration modification, sensitive data access, and complete system compromise. Affects TP-Link Archer AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213. Requires high-privilege adjacent network access (CVSS:4.0 AV:A/PR:H). No public exploit identified at time of analysis. | HIGH | 8.5 | 0.4% | 43 |
|
| CVE-2026-30815 | OS command injection in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to execute arbitrary system commands through maliciously crafted configuration files. Exploitation requires high-privilege adjacency access but enables complete device compromise including configuration modification, credential disclosure, and persistent backdoor installation. Affects AX53 v1.0 firmware prior to 1.7.1 Build 20260213. No public exploit identified at time of analysis. | HIGH | 8.5 | 0.3% | 43 |
|
| CVE-2025-15518 | A command injection vulnerability exists in the wireless-control administrative CLI command of TP-Link Archer NX series routers (models NX200, NX210, NX500, and NX600) due to improper input handling that allows crafted input to be executed as part of operating system commands. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary commands on the device, compromising confidentiality, integrity, and availability. Patches are available from the vendor for all affected models and versions. | HIGH | 8.5 | 0.0% | 43 |
|
| CVE-2025-15519 | A command injection vulnerability exists in the modem-management administrative CLI of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) due to improper input handling in CLI commands. An authenticated attacker with administrative privileges can inject crafted input into vulnerable CLI parameters to execute arbitrary operating system commands, compromising the confidentiality, integrity, and availability of the device. A patch is available from TP-Link, and no public exploit or active exploitation has been confirmed at this time. | HIGH | 8.5 | 0.0% | 43 |
|
| CVE-2025-15605 | A hardcoded cryptographic key in the configuration mechanism of TP-Link Archer NX series routers (NX200, NX210, NX500, NX600) allows authenticated attackers to decrypt, modify, and re-encrypt device configuration files, compromising both confidentiality and integrity of router settings. This vulnerability affects multiple hardware versions across all four product lines, with patches now available from the vendor. While no public exploit code or active KEV status has been reported, the authenticated attack requirement and widespread deployment of these consumer routers present moderate real-world risk. | HIGH | 8.5 | 0.0% | 43 |
|
| CVE-2026-0654 | Arbitrary command execution in TP-Link Deco BE25 firmware v1.0 through v1.1.1 Build 20250822 stems from improper input validation in the web administration interface, allowing authenticated adjacent attackers to inject OS commands via malicious configuration files. Successful exploitation grants full control over the affected device with complete compromise of confidentiality, integrity, and availability. No patch is currently available. | HIGH | 8.0 | 0.1% | 40 |
No patch
|
| CVE-2026-0655 | TP-Link Deco BE25 firmware versions 1.0 through 1.1.1 (Build 20250822) contain a path traversal vulnerability that allows authenticated adjacent network attackers to read arbitrary files or trigger denial of service without user interaction. The vulnerability affects the web module component and requires local network access with valid credentials to exploit. No patch is currently available for this high-severity flaw (CVSS 8.0). | HIGH | 8.0 | 0.0% | 40 |
No patch
|
| CVE-2026-30814 | Stack-based buffer overflow in TP-Link Archer AX53 v1.0 tmpServer module enables authenticated adjacent attackers to execute arbitrary code via malicious configuration file. Exploitation triggers segmentation fault, permits device state modification, sensitive data exposure, and integrity compromise. Affects firmware versions before 1.7.1 Build 20260213. Requires high privileges and adjacent network access. No public exploit identified at time of analysis. | HIGH | 7.3 | 0.0% | 37 |
|
| CVE-2026-34126 | Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept and manipulate initial setup data, enabling potential unauthorized device control during onboarding. The flaw stems from missing encryption on the Bluetooth pairing channel used only during initialization, and TP-Link has released patched firmware versions for all affected models. No public exploit identified at time of analysis, but the low complexity and absence of authentication make this a meaningful risk for users provisioning devices in dense urban or office environments. | HIGH | 7.3 | – | 36 |
|
| CVE-2026-34124 | Denial-of-service vulnerability in TP-Link Tapo C520WS v2.6 camera allows adjacent network attackers to trigger buffer overflow through crafted HTTP requests with excessively long paths that bypass initial length validation during path normalization, resulting in memory corruption and device reboot without requiring authentication. Vendor has released a patch; no public exploit code identified at time of analysis. | HIGH | 7.1 | 0.0% | 36 |
|