Vulnerabilities (CVE)

Filtered by vendor Tp-link Subscribe
Total 303 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24355 1 Tp-link 2 Tl-wr940n, Tl-wr940n Firmware 2024-02-04 8.3 HIGH 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910.
CVE-2021-44622 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
CVE-2022-33087 1 Tp-link 4 Archer A5, Archer A5 Firmware, Archer C50 and 1 more 2024-02-04 7.8 HIGH 7.5 HIGH
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2021-44627 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2022-26641 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-04 6.5 MEDIUM 7.2 HIGH
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.
CVE-2021-44625 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
CVE-2021-44626 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2022-25062 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-04 5.0 MEDIUM 7.5 HIGH
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2022-24354 1 Tp-link 2 Ac1750, Ac1750 Firmware 2024-02-04 8.3 HIGH 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835.
CVE-2022-29402 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-04 7.2 HIGH 6.8 MEDIUM
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVE-2021-44631 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.
CVE-2022-26642 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-04 6.5 MEDIUM 7.2 HIGH
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.
CVE-2022-26640 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-04 6.5 MEDIUM 7.2 HIGH
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.
CVE-2022-26988 3 Fastcom, Mercusys, Tp-link 12 Fac1900r, Fac1900r Firmware, Mercury D196g and 9 more 2024-02-04 7.2 HIGH 7.8 HIGH
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.
CVE-2021-44630 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-44032 1 Tp-link 1 Omada Software Controller 2024-02-04 5.0 MEDIUM 7.5 HIGH
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.
CVE-2021-44632 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
CVE-2021-4045 1 Tp-link 2 Tapo C200, Tapo C200 Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
CVE-2022-25074 1 Tp-link 2 Tl-wr902ac, Tl-wr902ac Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
CVE-2021-44623 1 Tp-link 2 Tl-wr886n, Tl-wr886n Firmware 2024-02-04 10.0 HIGH 9.8 CRITICAL
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.