4
CVEs
0
Critical
2
High
0
KEV
0
PoC
0
Unpatched C/H
100.0%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
2
MEDIUM
2
LOW
0
Monthly CVE Trend
Affected Products (30)
Tl Wr886N Firmware
29
Tl Wr841n Firmware
22
Ex1200t Firmware
19
X15 Firmware
16
Tl Wr840N Firmware
16
Tl Wr940n Firmware
14
Ac1750 Firmware
11
Archer Ax53 Firmware
10
Archer Be230 Firmware
10
Tl Sg108E Firmware
9
Tl Wr740N Firmware
8
Tl Wdr7660 Firmware
8
Omada Er605 Firmware
8
M7350 Firmware
8
T10 Firmware
7
Nc260 Firmware
6
Tl War1750L Firmware
6
Eap Controller
6
Tl War450L Firmware
6
Tl Wvr1750L Firmware
6
Tl War2600L Firmware
6
Tl Wvr458L Firmware
6
Tl War1300L Firmware
6
Nc450 Firmware
6
Tl Wr941Nd Firmware
6
Tl War900L Firmware
6
Tl Wvr4300L Firmware
6
Tl Wvr900L Firmware
6
Nc250 Firmware
6
Tl Wvr1300L Firmware
6
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-11834 | Command injection in TP-Link Archer and TL-MR series routers allows an adjacent unauthenticated attacker on the same broadcast domain to execute arbitrary commands with elevated privileges by supplying crafted DHCP option responses. The flaw resides in DHCP client option processing during device initialization and is most reliably triggered when the router is in factory-default or unconfigured state. No public exploit identified at time of analysis, but the vendor (TP-Link) has confirmed the issue and released firmware patches. | HIGH | 8.7 | 0.4% | 44 |
|
| CVE-2026-5040 | Credential disclosure in TP-Link Deco M5 v1 mesh routers stems from a weak (computationally cheap) password-hashing scheme used to store local user credentials, letting an attacker who has already obtained the stored hash recover the plaintext password via offline brute-force or dictionary attacks. Affected devices are the Deco M5 v1 hardware revision, and successful cracking yields access to device management functions scoped to the recovered account's privileges. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 vector (AV:L/AC:H/PR:H) reflects that it is a post-compromise credential-recovery weakness rather than a remote entry point. | HIGH | 7.1 | 0.1% | 36 |
|
| CVE-2026-9105 | Stack-based buffer overflow in the TP-Link TL-WR841N v14 web management interface allows an authenticated attacker on the same local network segment to crash the embedded web server via crafted HTTP requests, forcing the device to automatically reboot. The impact is limited exclusively to availability - no confidentiality or integrity exposure has been identified. No public exploit code or CISA KEV listing exists at time of analysis; the constrained attack prerequisites (adjacent network, administrative credentials) significantly bound real-world risk. | MEDIUM | 6.8 | 0.3% | 34 |
|
| CVE-2026-13230 | Unauthenticated information disclosure in TP-Link Kasa EC70 v4 and EC71 v4 exposes sensitive geolocation data to any attacker on the same local network segment. The flaw resides in the devices' local discovery mechanism, which returns geolocation-related information in response to crafted network probes without requiring any credentials. Impact is limited to confidentiality; no integrity or availability compromise is possible through this vector. No public exploit exists and no active exploitation has been confirmed. | MEDIUM | 5.3 | 0.2% | 27 |
|