Filtered by vendor Tp-link
Total: 306 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2024-02-04 | N/A | 4.6 MEDIUM |
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wi-Fi password and the TP-LINK account credential of the victim. | |||||
CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2024-02-04 | N/A | 8.8 HIGH |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 were discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. | |||||
CVE-2023-36358 | 1 Tp-link | 8 Tl-wr743nd, Tl-wr743nd Firmware, Tl-wr841n and 5 more | 2024-02-04 | N/A | 7.7 HIGH |
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
CVE-2022-41505 | 1 Tp-link | 2 Tapo C200 V1, Tapo C200 V1 Firmware | 2024-02-04 | N/A | 6.4 MEDIUM |
An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value. | |||||
CVE-2023-23040 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2024-02-04 | N/A | 7.5 HIGH |
TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses the deprecated MD5 algorithm to hash the admin password used for basic authentication. | |||||
CVE-2022-41783 | 1 Tp-link | 2 Re3000, Re3000 Firmware | 2024-02-04 | N/A | 5.5 MEDIUM |
tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. | |||||
CVE-2022-4498 | 1 Tp-link | 4 Archer C5, Archer C5 Firmware, Tl-wr710n and 1 more | 2024-02-04 | N/A | 9.8 CRITICAL |
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or arbitrary code execution. | |||||
CVE-2022-34555 | 1 Tp-link | 2 Tl-r473g, Tl-r473g Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. | |||||
CVE-2022-42202 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-02-04 | N/A | 6.1 MEDIUM |
TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-41541 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2024-02-04 | N/A | 8.1 HIGH |
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to log in to the web application as an admin user. | |||||
CVE-2022-37860 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | |||||
CVE-2022-32058 | 1 Tp-link | 4 Tl-wr741n, Tl-wr741n Firmware, Tl-wr742n and 1 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2024-02-04 | N/A | 5.9 MEDIUM |
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | |||||
CVE-2021-42232 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-02-04 | N/A | 9.8 CRITICAL |
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This allows an attacker to execute arbitrary commands on the router. | |||||
CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | |||||
CVE-2022-22922 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | |||||
CVE-2022-25072 | 1 Tp-link | 2 Archer A54, Archer A54 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | |||||
CVE-2022-25060 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | |||||
CVE-2022-25061 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | |||||
CVE-2022-24355 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910. |