Filtered by vendor Tp-link
Subscribe
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21773 | 1 Tp-link | 8 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 5 more | 2025-06-03 | N/A | 8.8 HIGH |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | |||||
| CVE-2024-46325 | 1 Tp-link | 2 Wr740n, Wr740n Firmware | 2025-06-02 | N/A | 5.5 MEDIUM |
| TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | |||||
| CVE-2024-48710 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | |||||
| CVE-2024-48712 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | |||||
| CVE-2024-48713 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | |||||
| CVE-2024-48714 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2025-05-21 | N/A | 6.5 MEDIUM |
| In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | |||||
| CVE-2022-40486 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2025-05-21 | N/A | 8.8 HIGH |
| TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. | |||||
| CVE-2022-41541 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2025-05-15 | N/A | 8.1 HIGH |
| TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. | |||||
| CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2025-05-15 | N/A | 5.9 MEDIUM |
| The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | |||||
| CVE-2022-42202 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2025-05-13 | N/A | 6.1 MEDIUM |
| TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-41783 | 1 Tp-link | 2 Re3000, Re3000 Firmware | 2025-04-23 | N/A | 5.5 MEDIUM |
| tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. | |||||
| CVE-2017-17745 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter. | |||||
| CVE-2017-17746 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 7.7 HIGH | 6.8 MEDIUM |
| Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated. | |||||
| CVE-2017-8076 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 7.8 HIGH | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2017-9466 | 1 Tp-link | 2 Wr841n V8, Wr841n V8 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces. | |||||
| CVE-2017-17758 | 1 Tp-link | 30 Tl-war1200l, Tl-war1200l Firmware, Tl-war1300l and 27 more | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. | |||||
| CVE-2017-8075 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2017-11519 | 1 Tp-link | 2 Archer C9 \(2.0\), Archer C9 \(2.0\) Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. | |||||
| CVE-2017-8220 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2025-04-20 | 9.0 HIGH | 9.9 CRITICAL |
| TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | |||||
| CVE-2017-8077 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||