Filtered by vendor Tp-link
Subscribe
Total
303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10884 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. | |||||
| CVE-2020-12110 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |||||
| CVE-2020-10916 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2024-02-04 | 5.2 MEDIUM | 8.0 HIGH |
| This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003. | |||||
| CVE-2020-13224 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow | |||||
| CVE-2020-14965 | 1 Tp-link | 4 Tl-wr740n, Tl-wr740n Firmware, Tl-wr740nd and 1 more | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator. | |||||
| CVE-2020-9375 | 1 Tp-link | 2 Archer C5, Archer C50 | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. | |||||
| CVE-2020-10887 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. | |||||
| CVE-2020-10886 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662. | |||||
| CVE-2020-10883 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651. | |||||
| CVE-2020-12475 | 1 Tp-link | 1 Omada Controller | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | |||||
| CVE-2020-8423 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. | |||||
| CVE-2020-10881 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. | |||||
| CVE-2020-10885 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661. | |||||
| CVE-2020-11445 | 1 Tp-link | 30 Kc200, Kc200 Firmware, Kc300s2 and 27 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | |||||
| CVE-2020-15057 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-02-04 | 6.1 MEDIUM | 6.5 MEDIUM |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | |||||
| CVE-2020-12111 | 1 Tp-link | 4 Nc260, Nc260 Firmware, Nc450 and 1 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. | |||||
| CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | |||||
| CVE-2020-12109 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |||||
| CVE-2020-15055 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | |||||
| CVE-2020-10882 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650. | |||||