Filtered by vendor Tp-link
Subscribe
Total
363 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28478 | 1 Tp-link | 2 Ec70, Ec70 Firmware | 2025-01-06 | N/A | 8.8 HIGH |
| TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. | |||||
| CVE-2023-27836 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2025-01-06 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. | |||||
| CVE-2023-29562 | 1 Tp-link | 2 Tl-wpa7510, Tl-wpa7510 Firmware | 2025-01-03 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. | |||||
| CVE-2023-27837 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2025-01-03 | N/A | 9.8 CRITICAL |
| TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. | |||||
| CVE-2024-12344 | 1 Tp-link | 2 Vn020 F3v, Vn020 F3v Firmware | 2024-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12343 | 1 Tp-link | 2 Vn020 F3v, Vn020 F3v Firmware | 2024-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-36358 | 1 Tp-link | 8 Tl-wr743nd, Tl-wr743nd Firmware, Tl-wr841n and 5 more | 2024-12-10 | N/A | 7.7 HIGH |
| TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-36359 | 1 Tp-link | 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more | 2024-12-10 | N/A | 7.5 HIGH |
| TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-36357 | 1 Tp-link | 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more | 2024-12-02 | N/A | 7.7 HIGH |
| An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2024-21833 | 1 Tp-link | 10 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 7 more | 2024-11-21 | N/A | 8.8 HIGH |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. | |||||
| CVE-2024-21821 | 1 Tp-link | 6 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 3 more | 2024-11-21 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | |||||
| CVE-2024-21773 | 1 Tp-link | 8 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 5 more | 2024-11-21 | N/A | 8.8 HIGH |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | |||||
| CVE-2023-49515 | 1 Tp-link | 4 Tapo C200, Tapo C200 Firmware, Tapo Tc70 and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | |||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47617 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47209 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47167 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-46683 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-46539 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. | |||||
| CVE-2023-46538 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. | |||||