TP-Link

All CVEs

551 total · sorted by risk
  • CVE-2025-14300 · High · Dec 20, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service…

  • CVE-2026-30818 · High · Apr 8, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may…

  • CVE-2026-30815 · High · Apr 8, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation…

  • CVE-2026-30814 · High · Apr 8, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a…

  • CVE-2025-15568 · High · Mar 9, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation…

  • CVE-2025-32107 · High · Apr 11, 2025
    risk 0.52 · cvss 8.0 · epss 0.02

    OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device.

  • CVE-2018-15172 · High · Aug 15, 2018
    risk 0.52 · cvss 7.5 · epss 0.08

    TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.

  • CVE-2018-14336 · High · Jul 19, 2018
    risk 0.52 · cvss 7.5 · epss 0.08

    TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

  • CVE-2026-0651 · High · Feb 10, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A path traversal vulnerability was identified in TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization…

  • CVE-2026-34126 · High · May 28, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker…

  • CVE-2026-3622 · High · Mar 26, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service…

  • CVE-2025-15606 · High · Mar 23, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause…

  • CVE-2025-9292 · High · Feb 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web…

  • CVE-2026-0919 · High · Jan 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An…

  • CVE-2026-0918 · High · Jan 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An…

  • CVE-2023-28760 · High · Oct 2, 2025
    risk 0.49 · cvss 7.5 · epss 0.03

    TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow…

  • CVE-2025-29089 · High · Sep 9, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information.

  • CVE-2024-53623 · High · Nov 29, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.

  • CVE-2024-46549 · High · Sep 30, 2024
    risk 0.49 · cvss 7.6 · epss 0.00

    An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.

  • CVE-2018-12694 · High · Jun 23, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.

  • CVE-2018-10167 · High · May 3, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify…

  • CVE-2017-8077 · High · Apr 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2016-1000009 · High · Oct 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.

  • CVE-2026-5509 · High · May 27, 2026
    risk 0.47 · cvss 7.2 · epss 0.02

    An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can…

  • CVE-2025-15605 · High · Mar 23, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them,…

  • CVE-2025-15519 · High · Mar 23, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary…

  • CVE-2025-15518 · High · Mar 23, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary…

  • CVE-2026-22226 · High · Feb 2, 2026
    risk 0.47 · cvss 7.2 · epss 0.02

    A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device,…

  • CVE-2017-15637 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.

  • CVE-2017-15636 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.

  • CVE-2017-15635 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.

  • CVE-2017-15634 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

  • CVE-2017-15633 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.

  • CVE-2017-15632 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.03

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.

  • CVE-2017-15631 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.

  • CVE-2017-15630 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.

  • CVE-2017-15629 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.

  • CVE-2017-15628 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.

  • CVE-2017-15627 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.

  • CVE-2017-15626 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.

  • CVE-2017-15625 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.

  • CVE-2017-15624 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.

  • CVE-2017-15623 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.

  • CVE-2017-15622 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.03

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.

  • CVE-2017-15621 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.

  • CVE-2017-15620 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.

  • CVE-2017-15619 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.

  • CVE-2017-15618 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.

  • CVE-2017-15617 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.

  • CVE-2017-15616 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
