Filtered by vendor Tp-link
Subscriptions
Total
382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37284 | 1 Tp-link | 2 Archer C20, Archer C20 Firmware | 2024-11-21 | 8.8 High |
| Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | ||||
| CVE-2023-36498 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | 7.2 High |
| A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | ||||
| CVE-2023-36489 | 1 Tp-link | 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.8 High |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | ||||
| CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-11-21 | 8.8 High |
| Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2023-31710 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. | ||||
| CVE-2023-31188 | 1 Tp-link | 5 Archer C20 Firmware, Archer C50 V3, Archer C50 V3 Firmware and 2 more | 2024-11-21 | 8 High |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. | ||||
| CVE-2023-30383 | 1 Tp-link | 7 Archer C2, Archer C20, Archer C20 Firmware and 4 more | 2024-11-21 | 7.5 High |
| TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. | ||||
| CVE-2023-27359 | 1 Tp-link | 1 Archer Ax21 Firmware | 2024-11-21 | N/A |
| TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. . Was ZDI-CAN-19664. | ||||
| CVE-2023-27332 | 1 Tp-link | 1 Archer Ax21 Firmware | 2024-11-21 | N/A |
| TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logging functionality of the tdpServer program, which listens on UDP port 20002. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19898. | ||||
| CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2024-11-21 | 7.5 High |
| TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | ||||
| CVE-2022-41541 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2024-11-21 | 8.1 High |
| TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. | ||||
| CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2024-11-21 | 5.9 Medium |
| The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | ||||
| CVE-2022-40486 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2024-11-21 | 8.8 High |
| TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. | ||||
| CVE-2022-37860 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 9.8 Critical |
| The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | ||||
| CVE-2022-34555 | 1 Tp-link | 2 Tl-r473g, Tl-r473g Firmware | 2024-11-21 | 9.8 Critical |
| TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. | ||||
| CVE-2022-33087 | 1 Tp-link | 4 Archer A5, Archer A5 Firmware, Archer C50 and 1 more | 2024-11-21 | 7.5 High |
| A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2022-32058 | 1 Tp-link | 4 Tl-wr741n, Tl-wr741n Firmware, Tl-wr742n and 1 more | 2024-11-21 | 7.5 High |
| An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2024-11-21 | 8.8 High |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | ||||
| CVE-2022-30024 | 1 Tp-link | 6 Tl-wr841, Tl-wr841 Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.8 High |
| A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. | ||||
| CVE-2022-29402 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.8 Medium |
| TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | ||||