Filtered by vendor Tp-link
Subscribe
Total
363 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40531 | 1 Tp-link | 2 Archer Ax6000, Archer Ax6000 Firmware | 2024-11-21 | N/A | 8.0 HIGH |
| Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-40357 | 1 Tp-link | 8 Archer A10, Archer A10 Firmware, Archer Ax10 and 5 more | 2024-11-21 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. | |||||
| CVE-2023-40193 | 1 Tp-link | 2 Deco M4, Deco M4 Firmware | 2024-11-21 | N/A | 8.0 HIGH |
| Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-39935 | 1 Tp-link | 2 Archer C5400, Archer C5400 Firmware | 2024-11-21 | N/A | 8.0 HIGH |
| Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-39751 | 1 Tp-link | 2 Tl-wr941nd V6, Tl-wr941nd V6 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. | |||||
| CVE-2023-39748 | 1 Tp-link | 2 Tl-wr1041n V2, Tl-wr1041n V2 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-39747 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. | |||||
| CVE-2023-39745 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-39610 | 1 Tp-link | 2 Tapo C100, Tapo C100 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | |||||
| CVE-2023-39224 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2024-11-21 | N/A | 8.0 HIGH |
| Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. | |||||
| CVE-2023-38909 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. | |||||
| CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | |||||
| CVE-2023-38907 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. | |||||
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | |||||
| CVE-2023-38588 | 1 Tp-link | 2 Archer C3150, Archer C3150 Firmware | 2024-11-21 | N/A | 8.0 HIGH |
| Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-38568 | 1 Tp-link | 2 Archer A10, Archer A10 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-38563 | 1 Tp-link | 4 Archer C1200, Archer C1200 Firmware, Archer C9 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-37284 | 1 Tp-link | 2 Archer C20, Archer C20 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | |||||
| CVE-2023-36498 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | |||||
| CVE-2023-36489 | 1 Tp-link | 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | |||||