Skip to main content

TP-Link

Vendor security scorecard – 76 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 290
76
CVEs
0
Critical
58
High
1
KEV
1
PoC
26
Unpatched C/H
50.0%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
58
MEDIUM
17
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2025-9377 TP-Link Archer C7 and TL-WR841N routers contain an authenticated remote command execution vulnerability in the Parental Control page, affecting end-of-life devices with no patch available. HIGH 8.6 15.6% 119
KEV No patch
CVE-2018-25321 TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. MEDIUM 5.3 0.0% 47
PoC No patch
CVE-2025-14756 Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise. [CVSS 8.8 HIGH] HIGH 8.8 0.3% 44
No patch
CVE-2026-0652 Authenticated attackers can execute arbitrary commands on TP-Link Tapo C260 v1 cameras through command injection in POST parameters during configuration synchronization, potentially achieving complete device compromise. The vulnerability stems from insufficient input validation and affects confidentiality, integrity, and availability with no patch currently available. HIGH 8.8 0.2% 44
No patch
CVE-2026-1457 Remote code execution in TP-Link VIGI C385 cameras results from improper input validation in the Web API that allows authenticated attackers to trigger buffer overflows and corrupt memory. An attacker with valid credentials can exploit this vulnerability to execute arbitrary code with elevated privileges on affected devices. No patch is currently available for this high-severity issue. HIGH 8.8 0.1% 44
No patch
CVE-2025-15557 An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. [CVSS 8.8 HIGH] HIGH 8.8 0.0% 44
No patch
CVE-2026-11834 Command injection in TP-Link Archer and TL-MR series routers allows an adjacent unauthenticated attacker on the same broadcast domain to execute arbitrary commands with elevated privileges by supplying crafted DHCP option responses. The flaw resides in DHCP client option processing during device initialization and is most reliably triggered when the router is in factory-default or unconfigured state. No public exploit identified at time of analysis, but the vendor (TP-Link) has confirmed the issue and released firmware patches. HIGH 8.7 0.4% 44
CVE-2026-3294 An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a lo HIGH 8.7 0.1% 44
CVE-2026-34121 TP-Link Tapo C520WS v2.6 contains an authentication bypass in its HTTP-based DS configuration service that allows unauthenticated attackers to execute privileged device configuration actions by appending authentication-exempt parameters to requests. The vulnerability stems from inconsistent JSON request parsing and authorization logic, enabling unauthorized modification of device state without requiring valid credentials. No public exploit code has been identified at time of analysis, and a vendor-released patch is available. HIGH 8.7 0.1% 44
CVE-2025-14300 Missing authentication on the HTTPS connectAP interface in TP-Link Tapo C200 V3 firmware (versions 1.3.3 through 1.4.1) allows adjacent network attackers to remotely reconfigure device Wi-Fi settings, causing permanent denial-of-service until manual intervention. The vulnerability exploits CWE-306 (Missing Authentication for Critical Function) with CVSS 8.7 severity, requiring only adjacent network access with low attack complexity and no user interaction. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the technical barrier is minimal for LAN-positioned adversaries. HIGH 8.7 0.1% 44
No patch
CVE-2026-22226 Authenticated command injection in the TP-Link Archer BE230 v1.2 router (firmware prior to 1.2.4 Build 20251218 rel.70420) allows an administrator on the adjacent network to execute arbitrary OS commands via the VPN server configuration module. No public exploit identified at time of analysis, and EPSS of 0.99% (77th percentile) suggests modest near-term exploitation likelihood, though successful exploitation yields full device takeover. This CVE is one of several distinct command injection flaws disclosed across separate code paths in the same firmware. HIGH 8.5 1.0% 43
CVE-2025-15517 A missing authentication check in the HTTP server of TP-Link Archer NX-series routers (NX200, NX210, NX500, NX600) allows unauthenticated attackers to access privileged CGI endpoints intended for authenticated administrators. An attacker can perform critical operations including firmware upload and configuration changes without providing valid credentials, effectively gaining administrative control over the device. A vendor patch is available, and this vulnerability represents a direct authentication bypass with severe real-world exploitation potential. HIGH 8.6 0.0% 43
CVE-2026-3841 A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. HIGH 8.5 0.5% 43
No patch
CVE-2026-3227 Authenticated attackers can achieve root-level command execution on TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 routers by uploading a malicious configuration file through the import function, exploiting improper input validation in the port-trigger processing logic. Successful exploitation grants complete control over the affected device, allowing full compromise of the router and any connected network. A patch is available for this high-severity vulnerability. HIGH 8.5 0.4% 43
CVE-2026-30818 OS command injection in TP-Link Archer AX53 v1.0 dnsmasq module allows authenticated adjacent attackers to execute arbitrary code through maliciously crafted configuration files. Successful exploitation enables device configuration modification, sensitive data access, and complete system compromise. Affects TP-Link Archer AX53 v1.0 firmware versions prior to 1.7.1 Build 20260213. Requires high-privilege adjacent network access (CVSS:4.0 AV:A/PR:H). No public exploit identified at time of analysis. HIGH 8.5 0.4% 43

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy