440
CVEs
79
Critical
250
High
5
KEV
250
PoC
291
Unpatched C/H
10.7%
Patch Rate
4.9%
Avg EPSS
Severity Breakdown
CRITICAL
79
HIGH
250
MEDIUM
109
LOW
1
Monthly CVE Trend
Affected Products (30)
Tl Wr886N Firmware
29
Tl Wr841n Firmware
22
Ex1200t Firmware
19
X15 Firmware
16
Tl Wr840N Firmware
16
Tl Wr940n Firmware
14
Ac1750 Firmware
11
Archer Ax53 Firmware
10
Archer Be230 Firmware
10
Tl Sg108E Firmware
9
Tl Wr740N Firmware
8
Tl Wdr7660 Firmware
8
Omada Er605 Firmware
8
M7350 Firmware
8
T10 Firmware
7
Nc260 Firmware
6
Tl War1750L Firmware
6
Eap Controller
6
Tl War450L Firmware
6
Tl Wvr1750L Firmware
6
Tl War2600L Firmware
6
Tl Wvr458L Firmware
6
Tl War1300L Firmware
6
Nc450 Firmware
6
Tl Wr941Nd Firmware
6
Tl War900L Firmware
6
Tl Wvr4300L Firmware
6
Tl Wvr900L Firmware
6
Nc250 Firmware
6
Tl Wvr1300L Firmware
6
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2015-3035 | Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.5 | 93.1% | 201 |
KEV
PoC
No patch
|
| CVE-2013-2578 | cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.3%. | CRITICAL | 10.0 | 72.3% | 157 |
PoC
No patch
|
| CVE-2021-41653 | The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.5%. | CRITICAL | 9.8 | 77.5% | 146 |
PoC
No patch
|
| CVE-2022-25061 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%. | CRITICAL | 9.8 | 72.5% | 141 |
PoC
No patch
|
| CVE-2015-3036 | Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%. | CRITICAL | 10.0 | 70.1% | 140 |
PoC
No patch
|
| CVE-2012-5687 | Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%. | HIGH | 7.8 | 67.5% | 126 |
PoC
No patch
|
| CVE-2022-25060 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.4%. | CRITICAL | 9.8 | 52.4% | 121 |
PoC
No patch
|
| CVE-2025-9377 | TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental Control page, affecting end-of-life devices with no patch available. | HIGH | 8.6 | 15.6% | 119 |
KEV
No patch
|
| CVE-2024-57049 | A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 48.8%. | CRITICAL | 9.8 | 48.8% | 118 |
PoC
No patch
|
| CVE-2017-13772 | Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 52.7%. | HIGH | 8.8 | 52.7% | 117 |
PoC
No patch
|
| CVE-2022-25064 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.8%. | CRITICAL | 9.8 | 39.8% | 109 |
PoC
No patch
|
| CVE-2022-30075 | In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 37.2%. | HIGH | 8.8 | 37.2% | 101 |
PoC
No patch
|
| CVE-2013-2579 | TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%. | CRITICAL | 10.0 | 17.8% | 88 |
PoC
No patch
|
| CVE-2020-28347 | tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 73.8% | 84 |
PoC
No patch
|
| CVE-2017-11519 | passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%. | CRITICAL | 9.8 | 13.2% | 82 |
PoC
No patch
|