TP-LINK Security Vulnerabilities


CVE-2023-43482

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

CVSS: 7.2, AI Score: 7.1, EPSS: 0.0005

2024-02-06 05:15 PM

CVE-2023-46683

A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated.....

CVSS: 7.2, AI Score: 7.2, EPSS: 0.001

2024-02-06 05:15 PM

CVE-2023-47618

A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to....

CVSS: 7.2, AI Score: 7.2, EPSS: 0.001

2024-02-06 05:15 PM

CVE-2023-47167

A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to...

CVSS: 7.2, AI Score: 7.3, EPSS: 0.001

2024-02-06 05:15 PM

CVE-2023-47617

A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request....

CVSS: 7.2, AI Score: 7.3, EPSS: 0.001

2024-02-06 05:15 PM

CVE-2023-42664

A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP....

CVSS: 7.2, AI Score: 7.3, EPSS: 0.001

2024-02-06 05:15 PM

CVE-2023-42189

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial....

CVSS: 7.5, AI Score: 7.2, EPSS: 0.003

2023-10-10 03:15 AM

CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions.....

CVSS: 8.8, AI Score: 8.9, EPSS: 0.001

2024-01-11 12:15 AM

CVE-2024-21773

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions.....

CVSS: 8.8, AI Score: 8.9, EPSS: 0.001

2024-01-11 12:15 AM

CVE-2024-21821

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer...

CVSS: 8, AI Score: 7.9, EPSS: 0.001

2024-01-11 12:15 AM

CVE-2023-27098

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login...

CVSS: 7.5, AI Score: 7.5, EPSS: 0.001

2024-01-09 02:15 AM

CVE-2023-34829

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in...

CVSS: 6.5, AI Score: 6.4, EPSS: 0.0004

2023-12-28 03:15 AM

CVE-2023-39610

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web...

CVSS: 6.5, AI Score: 6.3, EPSS: 0.0004

2023-10-31 09:15 PM

CVE-2020-35575

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N,...

CVSS: 9.8, AI Score: 9.3, EPSS: 0.195

2020-12-26 02:15 AM

CVE-2023-30383

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted...

CVSS: 7.5, AI Score: 7.8, EPSS: 0.001

2023-07-18 07:15 PM

CVE-2022-4499

On the TP-Link routers Archer C5 and WR710N-V1, running the latest software, the strcmp function used for checking credentials in httpd is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and...

CVSS: 7.5, AI Score: 7.9, EPSS: 0.004

2023-01-11 07:15 PM

CVE-2022-46914

An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware...

CVSS: 8.8, AI Score: 8.8, EPSS: 0.002

2022-12-20 08:15 PM

CVE-2022-46430

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update...

CVSS: 4.8, AI Score: 5.8, EPSS: 0.001

2022-12-20 08:15 PM

CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.003

2023-01-11 09:15 PM

CVE-2022-46435

An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware...

CVSS: 8.8, AI Score: 8.8, EPSS: 0.002

2022-12-20 08:15 PM

CVE-2022-46910

An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware...

CVSS: 8.8, AI Score: 8.8, EPSS: 0.002

2022-12-20 08:15 PM

CVE-2022-46912

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware...

CVSS: 8.8, AI Score: 8.8, EPSS: 0.002

2022-12-20 08:15 PM

CVE-2022-46432

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service...

CVSS: 7.5, AI Score: 7.9, EPSS: 0.001

2022-12-20 08:15 PM

CVE-2022-46139

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update...

CVSS: 6.5, AI Score: 6.2, EPSS: 0.001

2022-12-20 08:15 PM

CVE-2021-29302

TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code...

CVSS: 8.1, AI Score: 8.5, EPSS: 0.107

2021-04-12 07:15 PM

CVE-2022-46428

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update...

CVSS: 4.8, AI Score: 5.8, EPSS: 0.001

2022-12-20 08:15 PM

CVE-2021-42232

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the...

CVSS: 9.8, AI Score: 9.8, EPSS: 0.002

2022-08-23 01:15 AM

CVE-2022-4296

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be....

CVSS: 6.5, AI Score: 5.5, EPSS: 0.0004

2022-12-06 10:15 AM

CVE-2022-46434

An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware...

CVSS: 7.5, AI Score: 7.8, EPSS: 0.002

2022-12-20 08:15 PM

CVE-2023-46373

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function...

CVSS: 9.8, AI Score: 9.5, EPSS: 0.0005

2023-10-25 06:17 PM

CVE-2023-46371

TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function...

CVSS: 9.8, AI Score: 9.5, EPSS: 0.0005

2023-10-25 06:17 PM

CVE-2023-46536

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46527

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46539

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46534

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46525

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46520

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46523

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46522

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46538

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46526

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46537

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46535

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-46521

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function...

CVSS: 9.8, AI Score: 9.6, EPSS: 0.001

2023-10-25 06:17 PM

CVE-2023-43138

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection...

CVSS: 8.8, AI Score: 8.9, EPSS: 0.002

2023-09-20 08:15 PM

CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection...

CVSS: 8.8, AI Score: 8.9, EPSS: 0.002

2023-09-20 08:15 PM

CVE-2023-43135

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend...

CVSS: 9.8, AI Score: 8.9, EPSS: 0.003

2023-09-20 10:15 PM

CVE-2023-36489

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC...

CVSS: 8.8, AI Score: 8.9, EPSS: 0.001

2023-09-06 10:15 AM

CVE-2023-40357

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10...

CVSS: 8, AI Score: 7.9, EPSS: 0.001

2023-09-06 10:15 AM

CVE-2023-32619

Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.001

2023-09-06 10:15 AM

Total number of security vulnerabilities: 383