18
CVEs
0
Critical
15
High
0
KEV
0
PoC
0
Unpatched C/H
94.4%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
15
MEDIUM
2
LOW
0
Monthly CVE Trend
Affected Products (30)
Command Injection
22
Ex1200t Firmware
19
X15 Firmware
16
Heap Overflow
12
Archer Be230 Firmware
11
Archer Ax53 Firmware
11
T10 Firmware
7
A3002r Firmware
6
Stack Overflow
5
Memory Corruption
4
A3002ru Firmware
4
Archer C20 Firmware
3
Archer Ax3000 Firmware
3
IoT
3
Archer Ax5400 Firmware
3
Tl Wr841Nd Firmware
3
Archer Axe75 Firmware
3
A702r Firmware
3
N302r Plus Firmware
2
Null Pointer Dereference
2
Deco Be25 Firmware
2
Tapo C260 Firmware
2
Deco Xe200 Firmware
2
Deco X50 Firmware
2
Tl Wr841Nd V11 Firmware
2
Tl Wr940n Firmware
2
Archer Be400 Firmware
1
Tl Sg108E Firmware
1
T6 Firmware
1
Kp303 Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-34121 | TP-Link Tapo C520WS v2.6 contains an authentication bypass in its HTTP-based DS configuration service that allows unauthenticated attackers to execute privileged device configuration actions by appending authentication-exempt parameters to requests. The vulnerability stems from inconsistent JSON request parsing and authorization logic, enabling unauthorized modification of device state without requiring valid credentials. No public exploit code has been identified at time of analysis, and a vendor-released patch is available. | HIGH | 8.7 | 0.1% | 44 |
|
| CVE-2025-15517 | A missing authentication check in the HTTP server of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) allows unauthenticated attackers to access privileged CGI endpoints intended for authenticated administrators. An attacker can perform critical operations including firmware upload and configuration changes without providing valid credentials, effectively gaining administrative control over the device. A vendor patch is available, and this vulnerability represents a direct authentication bypass with severe real-world exploitation potential. | HIGH | 8.6 | 0.0% | 43 |
|
| CVE-2026-3227 | Authenticated attackers can achieve root-level command execution on TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 routers by uploading a malicious configuration file through the import function, exploiting improper input validation in the port-trigger processing logic. Successful exploitation grants complete control over the affected device, allowing full compromise of the router and any connected network. A patch is available for this high-severity vulnerability. | HIGH | 8.5 | 0.4% | 43 |
|
| CVE-2025-15518 | A command injection vulnerability exists in the wireless-control administrative CLI command of TP-Link Archer NX series routers (models NX200, NX210, NX500, and NX600) due to improper input handling that allows crafted input to be executed as part of operating system commands. An authenticated attacker with administrative privileges can exploit this vulnerability to execute arbitrary commands on the device, compromising confidentiality, integrity, and availability. Patches are available from the vendor for all affected models and versions. | HIGH | 8.5 | 0.0% | 43 |
|
| CVE-2025-15519 | A command injection vulnerability exists in the modem-management administrative CLI of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) due to improper input handling in CLI commands. An authenticated attacker with administrative privileges can inject crafted input into vulnerable CLI parameters to execute arbitrary operating system commands, compromising the confidentiality, integrity, and availability of the device. A patch is available from TP-Link, and no public exploit or active exploitation has been confirmed at this time. | HIGH | 8.5 | 0.0% | 43 |
|
| CVE-2025-15605 | A hardcoded cryptographic key in the configuration mechanism of TP-Link Archer NX series routers (NX200, NX210, NX500, NX600) allows authenticated attackers to decrypt, modify, and re-encrypt device configuration files, compromising both confidentiality and integrity of router settings. This vulnerability affects multiple hardware versions across all four product lines, with patches now available from the vendor. While no public exploit code or active KEV status has been reported, the authenticated attack requirement and widespread deployment of these consumer routers present moderate real-world risk. | HIGH | 8.5 | 0.0% | 43 |
|
| CVE-2026-30815 | OS command injection in TP-Link Archer AX53 v1.0 OpenVPN module allows authenticated adjacent attackers to execute arbitrary system commands through maliciously crafted configuration files. Exploitation requires high-privilege adjacency access but enables complete device compromise including configuration modification, credential disclosure, and persistent backdoor installation. Affects AX53 v1.0 firmware prior to 1.7.1 Build 20260213. No public exploit identified at time of analysis. | HIGH | 8.5 | 0.3% | 42 |
|
| CVE-2026-30818 | OS command injection in TP-Link Archer AX53 v1.0 dnsmasq module allows authenticated adjacent attackers to execute arbitrary code through maliciously crafted configuration files. Successful exploitation enables device configuration modification, sensitive data access, and complete system compromise. Affects TP-Link Archer AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213. Requires high-privilege adjacent network access (CVSS:4.0 AV:A/PR:H). No public exploit identified at time of analysis. | HIGH | 8.5 | 0.4% | 42 |
|
| CVE-2026-30814 | Stack-based buffer overflow in TP-Link Archer AX53 v1.0 tmpServer module enables authenticated adjacent attackers to execute arbitrary code via malicious configuration file. Exploitation triggers segmentation fault, permits device state modification, sensitive data exposure, and integrity compromise. Affects firmware versions before 1.7.1 Build 20260213. Requires high privileges and adjacent network access. No public exploit identified at time of analysis. | HIGH | 7.3 | 0.0% | 36 |
|
| CVE-2026-34124 | Denial-of-service vulnerability in TP-Link Tapo C520WS v2.6 camera allows adjacent network attackers to trigger buffer overflow through crafted HTTP requests with excessively long paths that bypass initial length validation during path normalization, resulting in memory corruption and device reboot without requiring authentication. Vendor has released a patch; no public exploit code identified at time of analysis. | HIGH | 7.1 | 0.0% | 36 |
|
| CVE-2025-15606 | A Denial-of-Service vulnerability exists in the httpd component of TP-Link TD-W8961N v4.0 routers, caused by improper input sanitization (CWE-20) that allows attackers to craft malicious requests triggering httpd service crashes. The vulnerability enables service interruption and network unavailability for affected users. Although no CVSS score or EPSS metric is publicly available, a vendor patch is already available, indicating acknowledgment of the issue's severity and exploitability. | HIGH | 7.1 | 0.0% | 36 |
|
| CVE-2026-34118 | Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers on the same network segment to trigger denial-of-service by sending crafted HTTP POST payloads that exceed allocated buffer boundaries. The vulnerability stems from missing validation in HTTP body parsing logic, causing process crashes or unresponsiveness. No CVSS score or vector data is available, limiting precise severity quantification, but the practical attack vector is network-adjacent and does not require authentication. | HIGH | 7.1 | 0.0% | 36 |
|
| CVE-2026-34119 | Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows unauthenticated network attackers to trigger denial-of-service by sending crafted HTTP payloads that bypass boundary validation during segmented request body parsing. The vulnerability exploits insufficient write-boundary verification in the HTTP parsing loop, causing heap memory corruption that crashes or hangs the device process. Patch is available from the vendor. | HIGH | 7.1 | 0.0% | 36 |
|
| CVE-2026-34120 | Heap-based buffer overflow in TP-Link Tapo C520WS v2.6 allows local network attackers to cause denial of service by sending crafted payloads during asynchronous video stream processing, triggering memory corruption and process crashes. The vulnerability stems from insufficient buffer boundary validation in streaming input handling. A vendor patch is available. | HIGH | 7.1 | 0.0% | 36 |
|
| CVE-2026-34122 | Stack-based buffer overflow in TP-Link Tapo C520WS v2.6 allows remote attackers to trigger denial-of-service by sending oversized configuration parameters to a vulnerable configuration handling component. Successful exploitation causes device crash or reboot, impacting camera availability. Vendor has released a patch. | HIGH | 7.1 | 0.0% | 36 |
|