VYPR

Vendor CVEs

TP-Link

All CVEs

551 total · sorted by risk
  • CVE-2023-39935Sep 6, 2023
    risk 0.00cvss epss 0.00

    Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

  • CVE-2023-40193Sep 6, 2023
    risk 0.00cvss epss 0.00

    Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

  • CVE-2023-40357Sep 6, 2023
    risk 0.00cvss epss 0.00

    Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer…

  • CVE-2023-40531Sep 6, 2023
    risk 0.00cvss epss 0.00

    Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

  • CVE-2023-38909Aug 22, 2023
    risk 0.00cvss epss 0.01

    An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.

  • CVE-2023-38908Aug 22, 2023
    risk 0.00cvss epss 0.01

    An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.

  • CVE-2023-39745Aug 21, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-39748Aug 21, 2023
    risk 0.00cvss epss 0.01

    An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-38906Aug 21, 2023
    risk 0.00cvss epss 0.00

    An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.

  • CVE-2023-31710Aug 1, 2023
    risk 0.00cvss epss 0.01

    TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.

  • CVE-2023-30383Jul 18, 2023
    risk 0.00cvss epss 0.01

    TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

  • CVE-2023-36357Jun 22, 2023
    risk 0.00cvss epss 0.01

    An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-36354Jun 22, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET…

  • CVE-2023-36358Jun 22, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-36359Jun 22, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-36356Jun 22, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-34832Jun 16, 2023
    risk 0.00cvss epss 0.02

    TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.

  • CVE-2023-29562Jun 13, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.

  • CVE-2023-27836Jun 13, 2023
    risk 0.00cvss epss 0.02

    TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.

  • CVE-2023-27837Jun 13, 2023
    risk 0.00cvss epss 0.02

    TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.

  • CVE-2023-28478Jun 12, 2023
    risk 0.00cvss epss 0.00

    TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.

  • CVE-2023-33536Jun 7, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.

  • CVE-2023-33537Jun 7, 2023
    risk 0.00cvss epss 0.01

    TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.

  • CVE-2023-27126Jun 6, 2023
    risk 0.00cvss epss 0.00

    The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account…

  • CVE-2023-2646May 11, 2023
    risk 0.00cvss epss 0.00

    A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be…

  • CVE-2023-28368Apr 11, 2023
    risk 0.00cvss epss 0.00

    TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake…

  • CVE-2022-43635Mar 29, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service,…

  • CVE-2022-42433Mar 29, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be…

  • CVE-2022-43636Mar 29, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which…

  • CVE-2022-24352Mar 28, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The…

  • CVE-2022-24972Mar 28, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2022-24353Mar 28, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko…

  • CVE-2022-24973Mar 28, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd…

  • CVE-2022-0650Mar 28, 2023
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd…

  • CVE-2023-23040Feb 22, 2023
    risk 0.00cvss epss 0.00

    TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.

  • CVE-2023-0936Feb 21, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the…

  • CVE-2022-41505Jan 23, 2023
    risk 0.00cvss epss 0.00

    An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.

  • CVE-2021-37774Jan 19, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.

  • CVE-2023-22303Jan 17, 2023
    risk 0.00cvss epss 0.01

    TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product's…

  • CVE-2022-4498Jan 11, 2023
    risk 0.00cvss epss 0.02

    In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary…

  • CVE-2022-4499Jan 11, 2023
    risk 0.00cvss epss 0.01

    TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and…

  • CVE-2022-46430Dec 20, 2022
    risk 0.00cvss epss 0.00

    TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

  • CVE-2022-46912Dec 20, 2022
    risk 0.00cvss epss 0.01

    An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

  • CVE-2022-46910Dec 20, 2022
    risk 0.00cvss epss 0.01

    An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

  • CVE-2022-46434Dec 20, 2022
    risk 0.00cvss epss 0.01

    An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

  • CVE-2022-46428Dec 20, 2022
    risk 0.00cvss epss 0.00

    TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

  • CVE-2022-46914Dec 20, 2022
    risk 0.00cvss epss 0.01

    An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

  • CVE-2022-46432Dec 20, 2022
    risk 0.00cvss epss 0.01

    An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a…

  • CVE-2022-46435Dec 20, 2022
    risk 0.00cvss epss 0.01

    An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

  • CVE-2022-46139Dec 20, 2022
    risk 0.00cvss epss 0.00

    TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

Page 9 of 12