Filtered by vendor Tp-link
Subscribe
Total
351 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23040 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2025-03-12 | N/A | 7.5 HIGH |
| TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. | |||||
| CVE-2023-27078 | 1 Tp-link | 2 Tl-mr3020, Tl-mr3020 Firmware | 2025-02-25 | N/A | 9.8 CRITICAL |
| A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. | |||||
| CVE-2025-25901 | 1 Tp-link | 2 Tl-wr841nd, Tl-wr841nd Firmware | 2025-02-20 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | |||||
| CVE-2023-28368 | 1 Tp-link | 2 T2600g-28sq, T2600g-28sq Firmware | 2025-02-10 | N/A | 5.7 MEDIUM |
| TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained. | |||||
| CVE-2022-37255 | 1 Tp-link | 2 Tapo C310, Tapo C310 Firmware | 2025-02-06 | N/A | 7.5 HIGH |
| TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. | |||||
| CVE-2023-2646 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2025-01-24 | 5.0 MEDIUM | 4.5 MEDIUM |
| A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-31701 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2025-01-22 | N/A | 8.8 HIGH |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. | |||||
| CVE-2023-31700 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2025-01-22 | N/A | 8.8 HIGH |
| TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. | |||||
| CVE-2023-31756 | 1 Tp-link | 2 Archer Vr1600v, Archer Vr1600v Firmware | 2025-01-21 | N/A | 6.7 MEDIUM |
| A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. | |||||
| CVE-2023-27126 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2025-01-08 | N/A | 4.6 MEDIUM |
| The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. | |||||
| CVE-2023-33537 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-01-07 | N/A | 8.1 HIGH |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. | |||||
| CVE-2023-33536 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-01-07 | N/A | 8.1 HIGH |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. | |||||
| CVE-2023-28478 | 1 Tp-link | 2 Ec70, Ec70 Firmware | 2025-01-06 | N/A | 8.8 HIGH |
| TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. | |||||
| CVE-2024-12344 | 1 Tp-link | 2 Vn020 F3v, Vn020 F3v Firmware | 2024-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12343 | 1 Tp-link | 2 Vn020 F3v, Vn020 F3v Firmware | 2024-12-10 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-36358 | 1 Tp-link | 8 Tl-wr743nd, Tl-wr743nd Firmware, Tl-wr841n and 5 more | 2024-12-10 | N/A | 7.7 HIGH |
| TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-36359 | 1 Tp-link | 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more | 2024-12-10 | N/A | 7.5 HIGH |
| TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-36357 | 1 Tp-link | 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more | 2024-12-02 | N/A | 7.7 HIGH |
| An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-49515 | 1 Tp-link | 4 Tapo C200, Tapo C200 Firmware, Tapo Tc70 and 1 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | |||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||