Filtered by vendor Tp-link
Subscribe
Total
393 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46912 | 1 Tp-link | 4 Tl-wr841n, Tl-wr841n Firmware, Tl-wr841nd V7 and 1 more | 2025-04-16 | N/A | 8.8 HIGH |
| An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
| CVE-2022-46434 | 1 Tp-link | 2 Tl-wa7510n V1, Tl-wa7510n V1 Firmware | 2025-04-16 | N/A | 7.5 HIGH |
| An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
| CVE-2022-46432 | 1 Tp-link | 2 Tl-wr743nd V1, Tl-wr743nd V1 Firmware | 2025-04-16 | N/A | 7.5 HIGH |
| An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier. | |||||
| CVE-2022-46430 | 1 Tp-link | 8 Tl-wr740n V1, Tl-wr740n V1 Firmware, Tl-wr740n V2 and 5 more | 2025-04-16 | N/A | 4.8 MEDIUM |
| TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
| CVE-2022-46435 | 1 Tp-link | 6 Tl-wr941nd V2, Tl-wr941nd V2 Firmware, Tl-wr941nd V3 and 3 more | 2025-04-16 | N/A | 8.8 HIGH |
| An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
| CVE-2022-46914 | 1 Tp-link | 4 Tl-wa801n, Tl-wa801n Firmware, Tl-wa801nd V1 and 1 more | 2025-04-16 | N/A | 8.8 HIGH |
| An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
| CVE-2022-48194 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. | |||||
| CVE-2022-4498 | 1 Tp-link | 4 Archer C5, Archer C5 Firmware, Tl-wr710n and 1 more | 2025-04-09 | N/A | 9.8 CRITICAL |
| In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution. | |||||
| CVE-2022-4499 | 1 Tp-link | 4 Archer C5, Archer C5 Firmware, Tl-wr710n and 1 more | 2025-04-09 | N/A | 7.5 HIGH |
| TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password. | |||||
| CVE-2024-57040 | 1 Tp-link | 2 Tl-wr845n, Tl-wr845n Firmware | 2025-04-07 | N/A | N/A |
| TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the router. | |||||
| CVE-2023-22303 | 1 Tp-link | 2 Tl-sg105pe, Tl-sg105pe Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
| TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product's settings may be altered with the privilege of the administrator. | |||||
| CVE-2021-37774 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-04-04 | N/A | 8.0 HIGH |
| An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. | |||||
| CVE-2015-3035 | 1 Tp-link | 26 Archer C5 \(1.2\), Archer C5 \(1.2\) Firmware, Archer C7 \(2.0\) and 23 more | 2025-04-03 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||||
| CVE-2022-41505 | 1 Tp-link | 2 Tapo C200 V1, Tapo C200 V1 Firmware | 2025-04-03 | N/A | 6.4 MEDIUM |
| An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value. | |||||
| CVE-2023-1389 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2025-03-19 | N/A | 8.8 HIGH |
| TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | |||||
| CVE-2025-25897 | 1 Tp-link | 2 Tl-wr841nd, Tl-wr841nd Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2025-25898 | 1 Tp-link | 2 Tl-wr841nd, Tl-wr841nd Firmware | 2025-03-18 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2023-23040 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2025-03-12 | N/A | 7.5 HIGH |
| TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. | |||||
| CVE-2024-2188 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2025-03-04 | N/A | 6.1 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded. | |||||
| CVE-2023-27078 | 1 Tp-link | 2 Tl-mr3020, Tl-mr3020 Firmware | 2025-02-25 | N/A | 9.8 CRITICAL |
| A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. | |||||