TP-Link

All CVEs

551 total · sorted by risk
  • CVE-2023-49908 · Apr 9, 2024
    risk 0.00 · cvss · epss 0.02

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An…

  • CVE-2023-49907 · Apr 9, 2024
    risk 0.00 · cvss · epss 0.02

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An…

  • CVE-2023-49906 · Apr 9, 2024
    risk 0.00 · cvss · epss 0.02

    A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An…

  • CVE-2024-1180 · Apr 3, 2024
    risk 0.00 · cvss · epss 0.01

    TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. …

  • CVE-2024-1179 · Apr 1, 2024
    risk 0.00 · cvss · epss 0.01

    TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to…

  • CVE-2024-25139 · Mar 14, 2024
    risk 0.00 · cvss · epss 0.01

    In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level.…

  • CVE-2024-2188 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within…

  • CVE-2023-43318 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.01

    TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.

  • CVE-2023-43482 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.03

    A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to…

  • CVE-2023-36498 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.03

    A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an…

  • CVE-2023-47209 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.03

    A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an…

  • CVE-2023-47167 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.03

    A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated…

  • CVE-2023-42664 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.03

    A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an…

  • CVE-2023-46683 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.03

    A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can…

  • CVE-2023-47617 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.03

    A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an…

  • CVE-2023-47618 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.02

    A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an…

  • CVE-2023-49515 · Jan 17, 2024
    risk 0.00 · cvss · epss 0.00

    Insecure Permissions vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.

  • CVE-2024-21833 · Jan 10, 2024
    risk 0.00 · cvss · epss 0.01

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

  • CVE-2024-21821 · Jan 10, 2024
    risk 0.00 · cvss · epss 0.00

    Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.

  • CVE-2024-21773 · Jan 10, 2024
    risk 0.00 · cvss · epss 0.01

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

  • CVE-2023-27098 · Jan 9, 2024
    risk 0.00 · cvss · epss 0.00

    TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.

  • CVE-2023-34829 · Dec 28, 2023
    risk 0.00 · cvss · epss 0.00

    Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.

  • CVE-2023-39610 · Oct 31, 2023
    risk 0.00 · cvss · epss 0.00

    An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.

  • CVE-2023-46537 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.

  • CVE-2023-46520 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.

  • CVE-2023-46535 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.

  • CVE-2023-46539 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.

  • CVE-2023-46538 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.

  • CVE-2023-46526 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.

  • CVE-2023-46523 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.

  • CVE-2023-46522 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK devices TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.

  • CVE-2023-46534 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.

  • CVE-2023-46536 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.

  • CVE-2023-46525 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.

  • CVE-2023-46527 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function bindRequestHandle.

  • CVE-2023-46521 · Oct 25, 2023
    risk 0.00 · cvss · epss 0.01

    TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.

  • CVE-2023-46373 · Oct 24, 2023
    risk 0.00 · cvss · epss 0.01

    TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.

  • CVE-2023-46371 · Oct 24, 2023
    risk 0.00 · cvss · epss 0.01

    TP-Link devices TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 have a stack overflow vulnerability via the function upgradeInfoJsonToBin.

  • CVE-2023-38907 · Sep 25, 2023
    risk 0.00 · cvss · epss 0.01

    An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.

  • CVE-2023-43138 · Sep 20, 2023
    risk 0.00 · cvss · epss 0.02

    TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.

  • CVE-2023-43135 · Sep 20, 2023
    risk 0.00 · cvss · epss 0.01

    There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

  • CVE-2023-43137 · Sep 20, 2023
    risk 0.00 · cvss · epss 0.02

    TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.

  • CVE-2023-36489 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to…

  • CVE-2023-31188 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer…

  • CVE-2023-32619 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary…

  • CVE-2023-37284 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.

  • CVE-2023-38563 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

  • CVE-2023-38568 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

  • CVE-2023-38588 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allow a network-adjacent authenticated attacker to execute arbitrary OS commands.

  • CVE-2023-39224 · Sep 6, 2023
    risk 0.00 · cvss · epss 0.00

    Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.
