VYPR

Vendor CVEs

TP-Link

All CVEs

551 total · sorted by risk
  • CVE-2015-3035 · High · KEV · Apr 22, 2015
    risk 0.70 · cvss 7.5 · epss 0.84

    Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302,…

  • CVE-2018-11714 · Critical · Jun 4, 2018
    risk 0.67 · cvss 9.8 · epss 0.37

    An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker…

  • CVE-2017-8220 · Critical · Apr 25, 2017
    risk 0.67 · cvss 9.9 · epss 0.36

    TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.

  • CVE-2018-5393 · Critical · Sep 28, 2018
    risk 0.65 · cvss 9.8 · epss 0.13

    The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user…

  • CVE-2025-15608 · Critical · Mar 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote…

  • CVE-2025-15607 · Critical · Mar 20, 2026
    risk 0.64 · cvss 9.8 · epss 0.02

    A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and…

  • CVE-2026-1668 · Critical · Mar 13, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution. An…

  • CVE-2024-57040 · Critical · Feb 26, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    TP-Link TL-WR845N devices with firmware TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain a hardcoded password for the root account, which can be obtained by analyzing downloaded firmware or via a brute force attack through physical access to the…

  • CVE-2023-6437 · Critical · Mar 28, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link EX20v AX1800, TP-Link Archer C5v AC1200, TP-Link TD-W9970, TP-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command…

  • CVE-2018-12575 · Critical · Jul 2, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

  • CVE-2018-11482 · Critical · May 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.

  • CVE-2017-13772 · High · Oct 23, 2017
    risk 0.64 · cvss 8.8 · epss 0.53

    Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.

  • CVE-2017-11519 · Critical · Jul 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.

  • CVE-2017-9466 · Critical · Jun 26, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the…

  • CVE-2017-8218 · Critical · Apr 25, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.

  • CVE-2017-8076 · Critical · Apr 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2017-8075 · Critical · Apr 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2017-8074 · Critical · Apr 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2025-40634 · Critical · May 20, 2025
    risk 0.60 · cvss not listed · epss 0.01

    Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN…

  • CVE-2018-12692 · High · Jun 23, 2018
    risk 0.60 · cvss 8.8 · epss 0.29

    TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.

  • CVE-2024-53375 · High · Dec 2, 2024
    risk 0.58 · cvss 8.0 · epss 0.41

    An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the…

  • CVE-2024-5035 · High · May 27, 2024
    risk 0.58 · cvss not listed · epss 0.03

    The affected device exposes a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, a remote unauthenticated attacker can gain arbitrary command execution on the…

  • CVE-2017-16957 · High · Nov 27, 2017
    risk 0.58 · cvss 8.8 · epss 0.06

    TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in…

  • CVE-2026-8697 · High · May 28, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. …

  • CVE-2026-3294 · High · May 22, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to…

  • CVE-2026-5039 · High · Apr 23, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if the device is left in its default configuration. A network-adjacent attacker can exploit this weakness to…

  • CVE-2026-5363 · High · Apr 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker…

  • CVE-2026-34121 · High · Apr 2, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append…

  • CVE-2026-3841 · High · Mar 12, 2026
    risk 0.57 · cvss 8.8 · epss 0.02

    A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges…

  • CVE-2026-0834 · High · Jan 21, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can…

  • CVE-2026-0629 · High · Jan 16, 2026
    risk 0.57 · cvss not listed · epss 0.00

    Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state. Attackers can gain full administrative access to…

  • CVE-2025-7724 · High · Jul 22, 2025
    risk 0.57 · cvss not listed · epss 0.01

    An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.

  • CVE-2018-15702 · High · Oct 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.00

    The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.

  • CVE-2018-12577 · High · Jul 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.

  • CVE-2018-12574 · High · Jul 2, 2018
    risk 0.57 · cvss 8.8 · epss 0.00

    CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

  • CVE-2018-11481 · High · May 30, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.

  • CVE-2018-10168 · High · May 3, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

  • CVE-2018-10166 · High · May 3, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled…

  • CVE-2017-17758 · High · Dec 19, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua…

  • CVE-2017-17757 · High · Dec 19, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua…

  • CVE-2017-16960 · High · Nov 27, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in…

  • CVE-2017-16958 · High · Nov 27, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in…

  • CVE-2025-9961 · High · Sep 6, 2025
    risk 0.56 · cvss not listed · epss 0.10

    An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500…

  • CVE-2026-9151 · High · Jun 10, 2026
    risk 0.55 · cvss not listed · epss 0.01

    An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN…

  • CVE-2026-8913 · High · Jun 8, 2026
    risk 0.55 · cvss not listed · epss 0.01

    A command injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute…

  • CVE-2025-7723 · High · Jul 22, 2025
    risk 0.55 · cvss not listed · epss 0.01

    A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.

  • CVE-2024-54126 · High · Dec 5, 2024
    risk 0.55 · cvss not listed · epss 0.00

    This vulnerability exists in the TP-Link Archer C50 due to an improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading…

  • CVE-2026-6250 · High · Jun 11, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data…

  • CVE-2025-15517 · High · Mar 23, 2026
    risk 0.53 · cvss 8.1 · epss 0.03

    A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware…

  • CVE-2025-9293 · High · Feb 13, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position…

Page 1 of 12