Vendor CVEs
TP-Link
All CVEs
551 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0653 | | | 0.00 | — | 0.00 | | Feb 10, 2026 | On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change… |
| CVE-2025-15557 | | | 0.00 | — | 0.00 | | Feb 5, 2026 | An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of… |
| CVE-2025-62673 | | | 0.00 | — | 0.01 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects… |
| CVE-2025-62501 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are… |
| CVE-2025-62405 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the… |
| CVE-2025-62404 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected… |
| CVE-2025-61983 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields… |
| CVE-2025-61944 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields… |
| CVE-2025-59487 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset… |
| CVE-2025-59482 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the… |
| CVE-2025-58455 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected… |
| CVE-2025-58077 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of… |
| CVE-2026-22228 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring… |
| CVE-2026-22220 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high… |
| CVE-2026-22229 | | | 0.00 | — | 0.02 | | Feb 2, 2026 | A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control… |
| CVE-2026-22227 | | | 0.00 | — | 0.03 | | Feb 2, 2026 | A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in… |
| CVE-2026-22225 | | | 0.00 | — | 0.03 | | Feb 2, 2026 | A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in… |
| CVE-2026-22224 | | | 0.00 | — | 0.03 | | Feb 2, 2026 | A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe… |
| CVE-2026-22223 | | | 0.00 | — | 0.01 | | Feb 2, 2026 | An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (vpn modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise… |
| CVE-2026-22222 | | | 0.00 | — | 0.01 | | Feb 2, 2026 | An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe… |
| CVE-2026-0631 | | | 0.00 | — | 0.01 | | Feb 2, 2026 | An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe… |
| CVE-2026-0630 | | | 0.00 | — | 0.01 | | Feb 2, 2026 | An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (web modules) and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device,… |
| CVE-2026-22221 | | | 0.00 | — | 0.01 | | Feb 2, 2026 | An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (vpn modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise… |
| CVE-2026-1457 | | | 0.00 | — | 0.07 | | Jan 29, 2026 | An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges. |
| CVE-2025-15545 | | | 0.00 | — | 0.00 | | Jan 29, 2026 | The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation… |
| CVE-2026-1315 | | | 0.00 | — | 0.01 | | Jan 27, 2026 | By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual… |
| CVE-2025-9522 | | | 0.00 | — | 0.00 | | Jan 26, 2026 | Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. |
| CVE-2025-9521 | | | 0.00 | — | 0.00 | | Jan 26, 2026 | Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security. |
| CVE-2025-9520 | | | 0.00 | — | 0.00 | | Jan 26, 2026 | An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account. |
| CVE-2025-14756 | | | 0.00 | — | 0.03 | | Jan 26, 2026 | Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to… |
| CVE-2025-9290 | | | 0.00 | — | 0.00 | | Jan 22, 2026 | An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge… |
| CVE-2025-9289 | | | 0.00 | — | 0.00 | | Jan 22, 2026 | A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated… |
| CVE-2025-9014 | | | 0.00 | — | 0.00 | | Jan 15, 2026 | A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service. This… |
| CVE-2025-15035 | | | 0.00 | — | 0.00 | | Jan 9, 2026 | Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects… |
| CVE-2025-14631 | | | 0.00 | — | 0.00 | | Jan 7, 2026 | A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 (802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914. |
| CVE-2025-14175 | | | 0.00 | — | 0.00 | | Dec 29, 2025 | A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality. |
| CVE-2025-14299 | | | 0.00 | — | 0.00 | | Dec 20, 2025 | The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device… |
| CVE-2025-14738 | | | 0.00 | — | 0.00 | | Dec 18, 2025 | Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922. |
| CVE-2025-14737 | | | 0.00 | — | 0.01 | | Dec 18, 2025 | Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922. |
| CVE-2025-7851 | | | 0.00 | — | 0.01 | | Oct 21, 2025 | An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways. |
| CVE-2025-7850 | | | 0.00 | — | 0.02 | | Oct 21, 2025 | A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways. |
| CVE-2025-6542 | | | 0.00 | — | 0.01 | | Oct 21, 2025 | An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. |
| CVE-2025-6541 | | | 0.00 | — | 0.01 | | Oct 21, 2025 | An arbitrary OS command may be executed on the product by the user who can log in to the web management interface. |
| CVE-2025-8627 | | | 0.00 | — | 0.00 | | Aug 25, 2025 | The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0. |
| CVE-2025-53715 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service… |
| CVE-2025-53714 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a… |
| CVE-2025-53713 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service… |
| CVE-2025-53712 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service… |
| CVE-2025-53711 | | | 0.00 | — | 0.00 | | Jul 29, 2025 | A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and… |
| CVE-2025-6151 | | | 0.00 | — | 0.03 | | Jun 17, 2025 | A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects… |