Vendor CVEs

TP-Link

551 total · sorted by risk
  • CVE-2026-0653 · Feb 10, 2026
    risk 0.00 · cvss · epss 0.00

    On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change…

  • CVE-2025-15557 · Feb 5, 2026
    risk 0.00 · cvss · epss 0.00

    An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of…

  • CVE-2025-62673 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.01

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects…

  • CVE-2025-62501 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are…

  • CVE-2025-62405 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the…

  • CVE-2025-62404 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected…

  • CVE-2025-61983 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields…

  • CVE-2025-61944 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields…

  • CVE-2025-59487 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset…

  • CVE-2025-59482 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the…

  • CVE-2025-58455 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected…

  • CVE-2025-58077 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of…

  • CVE-2026-22228 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring…

  • CVE-2026-22220 · Feb 3, 2026
    risk 0.00 · cvss · epss 0.00

    A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high…

  • CVE-2026-22229 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.02

    A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control…

  • CVE-2026-22227 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.03

    A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in…

  • CVE-2026-22225 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.03

    A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in…

  • CVE-2026-22224 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.03

    A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe…

  • CVE-2026-22223 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.01

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise…

  • CVE-2026-22222 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.01

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (web modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe…

  • CVE-2026-0631 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.01

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe…

  • CVE-2026-0630 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.01

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (web modules) and Archer AXE75 v1.0 allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device,…

  • CVE-2026-22221 · Feb 2, 2026
    risk 0.00 · cvss · epss 0.01

    An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2 (vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise…

  • CVE-2026-1457 · Jan 29, 2026
    risk 0.00 · cvss · epss 0.07

    An authenticated buffer handling flaw in the TP-Link VIGI C385 V1 Web API, which lacks input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger a buffer overflow and potentially execute arbitrary code with elevated privileges.

  • CVE-2025-15545 · Jan 29, 2026
    risk 0.00 · cvss · epss 0.00

    The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation…

  • CVE-2026-1315 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.01

    By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual…

  • CVE-2025-9522 · Jan 26, 2026
    risk 0.00 · cvss · epss 0.00

    Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.

  • CVE-2025-9521 · Jan 26, 2026
    risk 0.00 · cvss · epss 0.00

    Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.

  • CVE-2025-9520 · Jan 26, 2026
    risk 0.00 · cvss · epss 0.00

    An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.

  • CVE-2025-14756 · Jan 26, 2026
    risk 0.00 · cvss · epss 0.03

    A command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to…

  • CVE-2025-9290 · Jan 22, 2026
    risk 0.00 · cvss · epss 0.00

    An authentication weakness was identified in controller-device adoption for Omada Controllers, Gateways and Access Points, due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge…

  • CVE-2025-9289 · Jan 22, 2026
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated…

  • CVE-2025-9014 · Jan 15, 2026
    risk 0.00 · cvss · epss 0.00

    A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service. This…

  • CVE-2025-15035 · Jan 9, 2026
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server files, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects…

  • CVE-2025-14631 · Jan 7, 2026
    risk 0.00 · cvss · epss 0.00

    A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 (802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.

  • CVE-2025-14175 · Dec 29, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality.

  • CVE-2025-14299 · Dec 20, 2025
    risk 0.00 · cvss · epss 0.00

    The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device…

  • CVE-2025-14738 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.00

    Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

  • CVE-2025-14737 · Dec 18, 2025
    risk 0.00 · cvss · epss 0.01

    Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows an authenticated adjacent attacker to inject arbitrary commands. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

  • CVE-2025-7851 · Oct 21, 2025
    risk 0.00 · cvss · epss 0.01

    An attacker may obtain a root shell on the underlying OS of Omada gateways under restricted conditions.

  • CVE-2025-7850 · Oct 21, 2025
    risk 0.00 · cvss · epss 0.02

    A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

  • CVE-2025-6542 · Oct 21, 2025
    risk 0.00 · cvss · epss 0.01

    An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

  • CVE-2025-6541 · Oct 21, 2025
    risk 0.00 · cvss · epss 0.01

    An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

  • CVE-2025-8627 · Aug 25, 2025
    risk 0.00 · cvss · epss 0.00

    The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause an unintended power-off condition and a potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.

  • CVE-2025-53715 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to a buffer overflow, causing a crash of the web service and resulting in a denial-of-service…

  • CVE-2025-53714 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to a buffer overflow, causing a crash of the web service and resulting in a…

  • CVE-2025-53713 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to a buffer overflow, causing a crash of the web service and resulting in a denial-of-service…

  • CVE-2025-53712 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to a buffer overflow, causing a crash of the web service and resulting in a denial-of-service…

  • CVE-2025-53711 · Jul 29, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to a buffer overflow, causing a crash of the web service and…

  • CVE-2025-6151 · Jun 17, 2025
    risk 0.00 · cvss · epss 0.03

    A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects…
