Vendor CVEs
TP-Link
All CVEs
551 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14300 | Hig | 0.53 | 8.1 | 0.00 | Dec 20, 2025 | The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service… | ||
| CVE-2026-30818 | Hig | 0.52 | 8.0 | 0.01 | Apr 8, 2026 | An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may… | ||
| CVE-2026-30815 | Hig | 0.52 | 8.0 | 0.01 | Apr 8, 2026 | An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation… | ||
| CVE-2026-30814 | Hig | 0.52 | 8.0 | 0.00 | Apr 8, 2026 | A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a… | ||
| CVE-2025-15568 | Hig | 0.52 | 8.0 | 0.01 | Mar 9, 2026 | A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation… | ||
| CVE-2025-32107 | Hig | 0.52 | 8.0 | 0.02 | Apr 11, 2025 | OS command injection vulnerability exists in Deco BE65 Pro firmware versions prior to "Deco BE65 Pro(JP)_V1_1.1.2 Build 20250123". If this vulnerability is exploited, an arbitrary OS command may be executed by the user who can log in to the device. | ||
| CVE-2018-15172 | Hig | 0.52 | 7.5 | 0.08 | Aug 15, 2018 | TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | ||
| CVE-2018-14336 | Hig | 0.52 | 7.5 | 0.08 | Jul 19, 2018 | TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. | ||
| CVE-2026-0651 | Hig | 0.51 | 7.8 | 0.00 | Feb 10, 2026 | A path traversal vulnerability was identified in TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization… | ||
| CVE-2026-34126 | Hig | 0.49 | 7.5 | 0.00 | May 28, 2026 | TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker… | ||
| CVE-2026-3622 | Hig | 0.49 | 7.5 | 0.00 | Mar 26, 2026 | The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service… | ||
| CVE-2025-15606 | Hig | 0.49 | 7.5 | 0.00 | Mar 23, 2026 | A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause… | ||
| CVE-2025-9292 | Hig | 0.49 | 7.5 | 0.00 | Feb 13, 2026 | A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web… | ||
| CVE-2026-0919 | Hig | 0.49 | 7.5 | 0.01 | Jan 27, 2026 | The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An… | ||
| CVE-2026-0918 | Hig | 0.49 | 7.5 | 0.01 | Jan 27, 2026 | The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An… | ||
| CVE-2023-28760 | Hig | 0.49 | 7.5 | 0.03 | Oct 2, 2025 | TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack-based buffer overflow… | ||
| CVE-2025-29089 | Hig | 0.49 | 7.5 | 0.00 | Sep 9, 2025 | An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information | ||
| CVE-2024-53623 | Hig | 0.49 | 7.5 | 0.00 | Nov 29, 2024 | Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. | ||
| CVE-2024-46549 | Hig | 0.49 | 7.6 | 0.00 | Sep 30, 2024 | An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users. | ||
| CVE-2018-12694 | Hig | 0.49 | 7.5 | 0.01 | Jun 23, 2018 | TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | ||
| CVE-2018-10167 | Hig | 0.49 | 7.5 | 0.01 | May 3, 2018 | The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify… | ||
| CVE-2017-8077 | Hig | 0.49 | 7.5 | 0.01 | Apr 23, 2017 | On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | ||
| CVE-2016-1000009 | Hig | 0.49 | 7.5 | 0.01 | Oct 6, 2016 | TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. | ||
| CVE-2026-5509 | Hig | 0.47 | 7.2 | 0.02 | May 27, 2026 | An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can… | ||
| CVE-2025-15605 | Hig | 0.47 | 7.3 | 0.00 | Mar 23, 2026 | A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them,… | ||
| CVE-2025-15519 | Hig | 0.47 | 7.2 | 0.01 | Mar 23, 2026 | Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary… | ||
| CVE-2025-15518 | Hig | 0.47 | 7.2 | 0.01 | Mar 23, 2026 | Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary… | ||
| CVE-2026-22226 | Hig | 0.47 | 7.2 | 0.02 | Feb 2, 2026 | A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device,… | ||
| CVE-2017-15637 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file. | ||
| CVE-2017-15636 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file. | ||
| CVE-2017-15635 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file. | ||
| CVE-2017-15634 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file. | ||
| CVE-2017-15633 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file. | ||
| CVE-2017-15632 | Hig | 0.47 | 7.2 | 0.03 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file. | ||
| CVE-2017-15631 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file. | ||
| CVE-2017-15630 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file. | ||
| CVE-2017-15629 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. | ||
| CVE-2017-15628 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file. | ||
| CVE-2017-15627 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. | ||
| CVE-2017-15626 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file. | ||
| CVE-2017-15625 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file. | ||
| CVE-2017-15624 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file. | ||
| CVE-2017-15623 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file. | ||
| CVE-2017-15622 | Hig | 0.47 | 7.2 | 0.03 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file. | ||
| CVE-2017-15621 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file. | ||
| CVE-2017-15620 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file. | ||
| CVE-2017-15619 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file. | ||
| CVE-2017-15618 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file. | ||
| CVE-2017-15617 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file. | ||
| CVE-2017-15616 | Hig | 0.47 | 7.2 | 0.04 | Jan 11, 2018 | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file. |