Vendor CVEs
TP-Link
All CVEs
551 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49908 | 0.00 | — | 0.02 | Apr 9, 2024 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An… | |||
| CVE-2023-49907 | 0.00 | — | 0.02 | Apr 9, 2024 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An… | |||
| CVE-2023-49906 | 0.00 | — | 0.02 | Apr 9, 2024 | A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An… | |||
| CVE-2024-1180 | 0.00 | — | 0.01 | Apr 3, 2024 | TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. … | |||
| CVE-2024-1179 | 0.00 | — | 0.01 | Apr 1, 2024 | TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to… | |||
| CVE-2024-25139 | 0.00 | — | 0.01 | Mar 14, 2024 | In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level.… | |||
| CVE-2024-2188 | 0.00 | — | 0.01 | Mar 5, 2024 | Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within… | |||
| CVE-2023-43318 | 0.00 | — | 0.01 | Mar 5, 2024 | TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. | |||
| CVE-2023-43482 | 0.00 | — | 0.03 | Feb 6, 2024 | A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to… | |||
| CVE-2023-36498 | 0.00 | — | 0.03 | Feb 6, 2024 | A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an… | |||
| CVE-2023-47209 | 0.00 | — | 0.03 | Feb 6, 2024 | A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an… | |||
| CVE-2023-47167 | 0.00 | — | 0.03 | Feb 6, 2024 | A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated… | |||
| CVE-2023-42664 | 0.00 | — | 0.03 | Feb 6, 2024 | A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an… | |||
| CVE-2023-46683 | 0.00 | — | 0.03 | Feb 6, 2024 | A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can… | |||
| CVE-2023-47617 | 0.00 | — | 0.03 | Feb 6, 2024 | A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an… | |||
| CVE-2023-47618 | 0.00 | — | 0.02 | Feb 6, 2024 | A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an… | |||
| CVE-2023-49515 | 0.00 | — | 0.00 | Jan 17, 2024 | Insecure Permissions vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | |||
| CVE-2024-21833 | 0.00 | — | 0.01 | Jan 10, 2024 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. | |||
| CVE-2024-21821 | 0.00 | — | 0.00 | Jan 10, 2024 | Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | |||
| CVE-2024-21773 | 0.00 | — | 0.01 | Jan 10, 2024 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | |||
| CVE-2023-27098 | 0.00 | — | 0.00 | Jan 9, 2024 | TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | |||
| CVE-2023-34829 | 0.00 | — | 0.00 | Dec 28, 2023 | Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | |||
| CVE-2023-39610 | 0.00 | — | 0.00 | Oct 31, 2023 | An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | |||
| CVE-2023-46537 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. | |||
| CVE-2023-46520 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. | |||
| CVE-2023-46535 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. | |||
| CVE-2023-46539 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. | |||
| CVE-2023-46538 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. | |||
| CVE-2023-46526 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. | |||
| CVE-2023-46523 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. | |||
| CVE-2023-46522 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister. | |||
| CVE-2023-46534 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. | |||
| CVE-2023-46536 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. | |||
| CVE-2023-46525 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | |||
| CVE-2023-46527 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function bindRequestHandle. | |||
| CVE-2023-46521 | 0.00 | — | 0.01 | Oct 25, 2023 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. | |||
| CVE-2023-46373 | 0.00 | — | 0.01 | Oct 24, 2023 | TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. | |||
| CVE-2023-46371 | 0.00 | — | 0.01 | Oct 24, 2023 | TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 have a stack overflow vulnerability via the function upgradeInfoJsonToBin. | |||
| CVE-2023-38907 | 0.00 | — | 0.01 | Sep 25, 2023 | An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. | |||
| CVE-2023-43138 | 0.00 | — | 0.02 | Sep 20, 2023 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | |||
| CVE-2023-43135 | 0.00 | — | 0.01 | Sep 20, 2023 | There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||
| CVE-2023-43137 | 0.00 | — | 0.02 | Sep 20, 2023 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | |||
| CVE-2023-36489 | 0.00 | — | 0.00 | Sep 6, 2023 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to… | |||
| CVE-2023-31188 | 0.00 | — | 0.00 | Sep 6, 2023 | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer… | |||
| CVE-2023-32619 | 0.00 | — | 0.00 | Sep 6, 2023 | Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary… | |||
| CVE-2023-37284 | 0.00 | — | 0.00 | Sep 6, 2023 | Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | |||
| CVE-2023-38563 | 0.00 | — | 0.00 | Sep 6, 2023 | Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||
| CVE-2023-38568 | 0.00 | — | 0.00 | Sep 6, 2023 | Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||
| CVE-2023-38588 | 0.00 | — | 0.00 | Sep 6, 2023 | Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||
| CVE-2023-39224 | 0.00 | — | 0.00 | Sep 6, 2023 | Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. |