Tp-link Security Vulnerabilities
The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
7.5AI Score
0.006EPSS
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
6.7AI Score
0.03EPSS
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.
6.9AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.
5.9AI Score
0.001EPSS
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
7.5CVSS
8.3AI Score
0.043EPSS
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
9.8CVSS
9.7AI Score
0.193EPSS
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified para...
7.9AI Score
0.016EPSS
TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.
6.9AI Score
0.007EPSS
Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file i...
7AI Score
0.002EPSS
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
6.7AI Score
0.002EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire para...
7.7AI Score
0.003EPSS
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.
7.5CVSS
7.5AI Score
0.001EPSS
The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request...
7.2AI Score
0.003EPSS
9.8CVSS
9.3AI Score
0.003EPSS
8.8CVSS
8.7AI Score
0.015EPSS
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitra...
7.6AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request.
5.8AI Score
0.004EPSS
The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request.
6.8AI Score
0.022EPSS
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.
6.8AI Score
0.516EPSS
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.
7.4AI Score
0.002EPSS
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR7...
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.
7.5CVSS
7.6AI Score
0.001EPSS
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
6.1CVSS
6AI Score
0.001EPSS
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.
6.5CVSS
6.7AI Score
0.001EPSS
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
9.8CVSS
9.2AI Score
0.004EPSS
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
8.8CVSS
8.7AI Score
0.697EPSS
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.
6.1CVSS
6AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
7.2CVSS
7.4AI Score
0.001EPSS
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.
7.2CVSS
7.4AI Score
0.001EPSS