TP-Link

All CVEs

551 total · sorted by risk
  • CVE-2017-15615 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.

  • CVE-2017-15614 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.

  • CVE-2017-15613 · High · Jan 11, 2018
    risk 0.47 · cvss 7.2 · epss 0.04

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.

  • CVE-2026-8714 · High · Jun 5, 2026
    risk 0.46 · cvss n/a · epss 0.00

    A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter a non-responsive state. Successful…

  • CVE-2025-14553 · High · Dec 16, 2025
    risk 0.46 · cvss n/a · epss 0.00

    Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains…

  • CVE-2025-11676 · High · Nov 20, 2025
    risk 0.46 · cvss n/a · epss 0.00

    Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which allows unauthenticated adjacent attackers to perform a DoS attack. This issue affects TL-WR940N V6 <= Build 220801.

  • CVE-2025-10991 · High · Sep 30, 2025
    risk 0.46 · cvss n/a · epss 0.00

    An attacker may obtain root access by connecting to the UART port; this vulnerability requires the attacker to have physical access to the device. This issue affects Tapo D230S1 V1.20: before 1.2.2 Build 20250907.

  • CVE-2024-12342 · Medium · Dec 8, 2024
    risk 0.46 · cvss 6.5 · epss 0.09

    A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The…

  • CVE-2025-6982 · Medium · Jul 16, 2025
    risk 0.45 · cvss n/a · epss 0.00

    Use of Hard-coded Credentials in TP-Link Archer C50 V3 (<= 180703)/V4 (<= 250117)/V5 (<= 200407), and C20 V5 (<US_V5_260419 or <EU_V5_260317) allows attackers to decrypt the config.xml files.

  • CVE-2026-6242 · Medium · Jun 6, 2026
    risk 0.44 · cvss n/a · epss 0.00

    An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or…

  • CVE-2026-6241 · Medium · Jun 6, 2026
    risk 0.44 · cvss n/a · epss 0.00

    An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to…

  • CVE-2026-6239 · Medium · Jun 6, 2026
    risk 0.44 · cvss n/a · epss 0.00

    A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request…

  • CVE-2026-4346 · Medium · Mar 26, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability…

  • CVE-2026-3227 · Medium · Mar 16, 2026
    risk 0.44 · cvss 6.8 · epss 0.01

    A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. The router configuration import function allows an authenticated attacker to upload a crafted…

  • CVE-2025-14739 · Medium · Dec 18, 2025
    risk 0.44 · cvss n/a · epss 0.00

    Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers to execute a DoS attack and potentially arbitrary code execution under the context of the ‘root’ user. This issue affects WR940N and WR941ND: ≤…

  • CVE-2018-12693 · Medium · Jun 23, 2018
    risk 0.44 · cvss 6.5 · epss 0.16

    Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.

  • CVE-2017-17746 · Medium · Dec 20, 2017
    risk 0.44 · cvss 6.8 · epss 0.02

    Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a…

  • CVE-2018-13134 · Medium · Jul 4, 2018
    risk 0.43 · cvss 6.1 · epss 0.02

    TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.

  • CVE-2017-15291 · Medium · Oct 20, 2017
    risk 0.43 · cvss 6.1 · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.

  • CVE-2026-1871 · Medium · Jun 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core…

  • CVE-2026-34124 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker…

  • CVE-2026-34122 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable…

  • CVE-2026-34120 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network…

  • CVE-2026-34119 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied…

  • CVE-2026-34118 · Medium · Apr 2, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied…

  • CVE-2025-8065 · Medium · Dec 20, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a…

  • CVE-2018-15701 · Medium · Oct 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.

  • CVE-2018-15700 · Medium · Oct 1, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.

  • CVE-2018-17018 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name.

  • CVE-2018-17017 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.

  • CVE-2018-17016 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.

  • CVE-2018-17015 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.

  • CVE-2018-17014 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name.

  • CVE-2018-17013 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.

  • CVE-2018-17012 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.

  • CVE-2018-17011 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun.

  • CVE-2018-17010 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth.

  • CVE-2018-17009 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.

  • CVE-2018-17008 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power.

  • CVE-2018-17007 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid.

  • CVE-2018-17006 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2.

  • CVE-2018-17005 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable.

  • CVE-2018-17004 · Medium · Sep 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.

  • CVE-2017-17747 · Medium · Dec 20, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.

  • CVE-2017-16959 · Medium · Nov 27, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted…

  • CVE-2017-10796 · Medium · Jul 2, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.

  • CVE-2017-8219 · Medium · Apr 25, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.

  • CVE-2024-46548 · Medium · Sep 30, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    TP-Link Tapo P125M and Kasa KP125M v1.0.3 were discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.

  • CVE-2026-0620 · Medium · Feb 3, 2026
    risk 0.39 · cvss n/a · epss 0.00

    When configured as an L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.

  • CVE-2026-30817 · Medium · Apr 8, 2026
    risk 0.37 · cvss 5.7 · epss 0.00

    An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary…

Page 3 of 12