Filtered by vendor Tp-link
Subscribe
Total
393 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44630 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2022-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
| CVE-2021-44629 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2022-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
| CVE-2021-44622 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2022-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request. | |||||
| CVE-2021-44623 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2022-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface. | |||||
| CVE-2021-44625 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2022-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request. | |||||
| CVE-2021-44626 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2022-03-12 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
| CVE-2022-25062 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2022-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2022-25072 | 1 Tp-link | 2 Archer A54, Archer A54 Firmware | 2022-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | |||||
| CVE-2022-25074 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2022-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | |||||
| CVE-2022-25073 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2022-03-03 | 10.0 HIGH | 9.8 CRITICAL |
| TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | |||||
| CVE-2022-24355 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2022-02-28 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910. | |||||
| CVE-2022-24354 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2022-02-28 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835. | |||||
| CVE-2022-0162 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2022-02-17 | 7.5 HIGH | 9.8 CRITICAL |
| The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface. | |||||
| CVE-2021-44864 | 1 Tp-link | 2 Wn886n, Wn886n Firmware | 2022-02-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. | |||||
| CVE-2021-35004 | 1 Tp-link | 2 Tl-wa1201, Tl-wa1201 Firmware | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656. | |||||
| CVE-2021-35003 | 1 Tp-link | 2 Archer C90, Archer C90 Firmware | 2022-01-27 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655. | |||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2022-01-04 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | |||||
| CVE-2020-9374 | 1 Tp-link | 2 Tl-wr849n, Tl-wr849n Firmware | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. | |||||
| CVE-2021-41653 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
| CVE-2020-10887 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2021-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. | |||||