VYPR

Vendor CVEs

TP-Link

All CVEs

551 total · sorted by risk
  • CVE-2022-41783Dec 7, 2022
    risk 0.00cvss epss 0.00

    tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function.

  • CVE-2022-4296Dec 6, 2022
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to…

  • CVE-2022-42202Oct 18, 2022
    risk 0.00cvss epss 0.00

    TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).

  • CVE-2022-41541Oct 18, 2022
    risk 0.00cvss epss 0.01

    TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.

  • CVE-2022-41540Oct 18, 2022
    risk 0.00cvss epss 0.01

    The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via…

  • CVE-2022-40486Sep 28, 2022
    risk 0.00cvss epss 0.01

    TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.

  • CVE-2022-34555Jul 28, 2022
    risk 0.00cvss epss 0.20

    TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.

  • CVE-2022-32058Jul 7, 2022
    risk 0.00cvss epss 0.01

    An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

  • CVE-2022-33087Jun 30, 2022
    risk 0.00cvss epss 0.01

    A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2022-29402May 25, 2022
    risk 0.00cvss epss 0.00

    TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.

  • CVE-2022-26988May 10, 2022
    risk 0.00cvss epss 0.01

    TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.

  • CVE-2022-26987May 10, 2022
    risk 0.00cvss epss 0.01

    TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.

  • CVE-2021-46122Apr 18, 2022
    risk 0.00cvss epss 0.01

    Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.

  • CVE-2022-26642Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.

  • CVE-2022-26641Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.

  • CVE-2022-26639Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.

  • CVE-2022-26640Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.

  • CVE-2021-44632Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-44631Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-44630Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-44629Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-44628Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-44627Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-44626Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

  • CVE-2021-44625Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.

  • CVE-2021-44623Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.

  • CVE-2021-44622Mar 9, 2022
    risk 0.00cvss epss 0.02

    A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.

  • CVE-2021-44032Mar 7, 2022
    risk 0.00cvss epss 0.02

    TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the…

  • CVE-2022-25074Feb 22, 2022
    risk 0.00cvss epss 0.13

    TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

  • CVE-2022-25072Feb 22, 2022
    risk 0.00cvss epss 0.13

    TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

  • CVE-2022-25073Feb 22, 2022
    risk 0.00cvss epss 0.13

    TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

  • CVE-2022-24355Feb 18, 2022
    risk 0.00cvss epss 0.02

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing…

  • CVE-2022-24354Feb 18, 2022
    risk 0.00cvss epss 0.02

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2022-22922Feb 18, 2022
    risk 0.00cvss epss 0.01

    TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.

  • CVE-2022-0162Feb 9, 2022
    risk 0.00cvss epss 0.01

    The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and…

  • CVE-2021-44864Feb 8, 2022
    risk 0.00cvss epss 0.10

    TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter.

  • CVE-2021-4144Dec 23, 2021
    risk 0.00cvss epss 0.02

    TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.

  • CVE-2021-41450Dec 8, 2021
    risk 0.00cvss epss 0.02

    An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.

  • CVE-2021-40288Dec 7, 2021
    risk 0.00cvss epss 0.03

    A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames

  • CVE-2021-29280Aug 19, 2021
    risk 0.00cvss epss 0.01

    In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow

  • CVE-2021-38543Aug 11, 2021
    risk 0.00cvss epss 0.01

    TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a…

  • CVE-2021-28857Jun 15, 2021
    risk 0.00cvss epss 0.01

    TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.

  • CVE-2021-28858Jun 15, 2021
    risk 0.00cvss epss 0.00

    TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.

  • CVE-2021-31659Jun 10, 2021
    risk 0.00cvss epss 0.01

    TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator…

  • CVE-2021-31658Jun 10, 2021
    risk 0.00cvss epss 0.01

    TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause…

  • CVE-2020-17891May 14, 2021
    risk 0.00cvss epss 0.01

    TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code.

  • CVE-2021-26827Apr 14, 2021
    risk 0.00cvss epss 0.02

    Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router.

  • CVE-2021-3125Apr 12, 2021
    risk 0.00cvss epss 0.01

    In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and…

  • CVE-2021-27245Mar 29, 2021
    risk 0.00cvss epss 0.03

    This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of…

  • CVE-2021-3275Mar 26, 2021
    risk 0.00cvss epss 0.02

    Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices…

Page 10 of 12