VYPR

Deco

by TP-Link

CVEs (5)

  • CVE-2025-9293HigFeb 13, 2026
    risk 0.53cvss 8.1epss 0.00

    A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position…

  • CVE-2025-9292HigFeb 13, 2026
    risk 0.49cvss 7.5epss 0.00

    A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web…

  • CVE-2024-21833Jan 10, 2024
    risk 0.00cvss epss 0.01

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

  • CVE-2024-21773Jan 10, 2024
    risk 0.00cvss epss 0.01

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

  • CVE-2023-40193Sep 6, 2023
    risk 0.00cvss epss 0.00

    Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.