MidnightBSD

Advisories for tp-link

CVE-2012-2440 HIGH

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
tp-link 8840t -
CVE-2012-5687 HIGH

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
tp-link tl-wr841n -
tp-link tl-wr841n_firmware *
CVE-2012-6276 MEDIUM

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 3.13.9
tp-link tl-wr841n -
CVE-2012-6316 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link tl-wr841n -
tp-link tl-wr841n_firmware *
CVE-2013-2572 MEDIUM

A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
tp-link tl-sc_3130_firmware *
tp-link tl-sc_3171g_firmware *
tp-link tl-sc_4171g_firmware *
tp-link tl-sc_3130g_firmware *
CVE-2013-2573 HIGH

A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-sc_3171g_firmware *
tp-link tl-sc_4171g_firmware *
tp-link tl-sc_3130g_firmware *
CVE-2013-2578 HIGH

cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link lm_firmware *
tp-link tl-sc3130 -
tp-link tl-sc3130g -
tp-link tl-sc3171 -
tp-link tl-sc3171g -
CVE-2013-2579 HIGH

TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
tp-link lm_firmware *
tp-link tl-sc3130 -
tp-link tl-sc3130g -
tp-link tl-sc3171 -
tp-link tl-sc3171g -
CVE-2013-2580 HIGH

Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tp-link lm_firmware *
tp-link tl-sc3130 -
tp-link tl-sc3130g -
tp-link tl-sc3171 -
tp-link tl-sc3171g -
CVE-2013-2581 HIGH

cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
tp-link lm_firmware *
tp-link tl-sc3130 -
tp-link tl-sc3130g -
tp-link tl-sc3171 -
tp-link tl-sc3171g -
CVE-2013-2645 HIGH

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp-link firmware tl-wr1043nd_v1_120405
CVE-2013-2646 MEDIUM

TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr1043nd_firmware v1_120405
CVE-2013-3688 HIGH

The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
tp-link lm_firmware *
tp-link tl-sc3130 -
tp-link tl-sc3130g -
tp-link tl-sc3171 -
tp-link tl-sc3171g -
CVE-2013-4654 HIGH

Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
tp-link tl-wdr4300_firmware -
tp-link tl-1043nd_firmware -
CVE-2013-4848 HIGH

TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp-link tl-wdr4300_firmware 3.13.31
CVE-2013-6786 MEDIUM

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link td-8816 -
sitecom wl-174 -
allegrosoft rompager *
huawei mt882 -
dlink dsl-2640r -
dlink dsl-2641r -
zyxel p-660hw_d1 -
CVE-2014-4727 MEDIUM

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link tl-wdr4300 -
tp-link tl-wdr4300_firmware *
CVE-2014-4728 MEDIUM

The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
tp-link tl-wdr4300 -
tp-link tl-wdr4300_firmware *
CVE-2014-9350 MEDIUM

TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware 3.16.4
tp-link tl-wr740n_firmware 3.17.0
tp-link tl-wr740n_firmware 3.16.6
tp-link tl-wr740n 4
CVE-2014-9510 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 3.13.27
CVE-2015-3035 HIGH

Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
tp-link archer_c7_(2.0)_firmware *
tp-link tl-wr841n_(9.0)_firmware *
tp-link archer_c8_(1.0)_firmware *
tp-link tl-wr740n_(5.0)_firmware *
tp-link tl-wr841n_(10.0)_firmware *
tp-link tl-wdr3600_(1.0)_firmware *
tp-link tl-wr741nd_(5.0) -
tp-link archer_c9_(1.0)_firmware *
tp-link tl-wdr4300_(1.0)_firmware *
tp-link tl-wdr3500_(1.0)_firmware *
tp-link tl-wr841nd_(10.0)_firmware 150104
tp-link tl-wr741nd_(5.0)_firmware *
tp-link archer_c5_(1.2)_firmware *
tp-link tl-wr841nd_(9.0)_firmware *
CVE-2016-1000009 MEDIUM

TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
tp-link tp-link -
CVE-2016-10719 MEDIUM

TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link archer_cr700_firmware 1.0.6
CVE-2017-10796 LOW

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
tp-link nc250_firmware *
CVE-2017-11519 MEDIUM

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-335,

Products Affected

Vendor Product Version
tp-link archer_c9_(2.0)_firmware 160517
CVE-2017-13772 HIGH

Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
tp-link wr940n_firmware -
CVE-2017-15291 MEDIUM

Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link tl-mr3220_firmware -
CVE-2017-15613 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15614 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15615 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15616 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15617 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15618 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15619 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15620 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15621 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15622 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15623 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15624 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15625 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15626 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15627 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15628 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15629 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15630 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15631 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15632 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15633 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15634 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15635 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15636 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-15637 HIGH

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wvr300_firmware -
tp-link war1750l_firmware -
tp-link war450_firmware -
tp-link wvr1300g_firmware -
tp-link wvr4300l_firmware -
tp-link r483_firmware -
tp-link r473gp-ac_firmware -
tp-link er5110g_firmware -
tp-link r473p-ac_firmware -
tp-link war900l_firmware -
tp-link r4299g_firmware -
tp-link wvr1300l_firmware -
tp-link wvr1750l_firmware -
tp-link wvr900l_firmware -
tp-link r4149g_firmware -
tp-link war302_firmware -
tp-link er5120g_firmware -
tp-link r478+_firmware -
tp-link r4239g_firmware -
tp-link wvr900g_firmware 3.0_170306
tp-link r473g_firmware -
tp-link wvr450l_firmware 1.0161125
tp-link r488_firmware -
tp-link r478g+_firmware -
tp-link war458_firmware -
tp-link war2600l_firmware -
tp-link war458l_firmware -
tp-link r483g_firmware -
tp-link war450l_firmware -
tp-link war1300l_firmware -
tp-link er5520g_firmware -
tp-link wvr302_firmware -
tp-link er5510g_firmware -
tp-link r473_firmware -
tp-link wvr458l_firmware -
tp-link r478_firmware -
tp-link wvr2600l_firmware -
tp-link wvr450_firmware -
CVE-2017-16957 HIGH

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-er6510g_firmware -
tp-link tl-wvr458p_firmware -
tp-link tl-r478+_firmware -
tp-link tl-er5520g_firmware -
tp-link tl-wvr900l_firmware -
tp-link tl-war302_firmware -
tp-link tl-war458_firmware -
tp-link tl-r483_firmware -
tp-link tl-wvr458_firmware -
tp-link tl-er6520g_firmware -
tp-link tl-wvr302_firmware -
tp-link tl-r479p-ac_firmware -
tp-link tl-wvr458l_firmware -
tp-link tl-war2600l_firmware -
tp-link tl-r488_firmware -
tp-link tl-r473p-ac_firmware -
tp-link tl-war900l_firmware -
tp-link tl-r479gpe-ac_firmware -
tp-link tl-er5120g_firmware -
tp-link tl-er7520g_firmware -
tp-link tl-r479gp-ac_firmware -
tp-link tl-r478g_firmware -
tp-link tl-er5510g_firmware -
tp-link tl-r483g_firmware -
tp-link tl-er5110g_firmware -
tp-link tl-r473g_firmware -
tp-link tl-wvr1300g_firmware -
tp-link tl-wvr1200l_firmware -
tp-link tl-r478g+_firmware -
tp-link tl-er3220g_firmware -
tp-link tl-r478_firmware -
tp-link tl-war1750l_firmware -
tp-link tl-r4239g_firmware -
tp-link tl-r473_firmware -
tp-link tl-wvr1300l_firmware -
tp-link tl-r4149g_firmware -
tp-link tl-r4299g_firmware -
tp-link tl-er6110g_firmware -
tp-link tl-wvr450l_firmware -
tp-link tl-war450l_firmware -
tp-link tl-er3210g_firmware -
tp-link tl-er6220g_firmware -
tp-link tl-war458l_firmware -
tp-link tl-wvr450_firmware -
tp-link tl-wvr1750l_firmware -
tp-link tl-war1300l_firmware -
tp-link tl-wvr300_firmware -
tp-link tl-war1200l_firmware -
tp-link tl-wvr450g_firmware -
tp-link tl-war450_firmware -
tp-link tl-wvr900g_firmware -
tp-link tl-wvr4300l_firmware -
tp-link tl-er6120g_firmware -
CVE-2017-16958 HIGH

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-er6510g_firmware -
tp-link tl-wvr458p_firmware -
tp-link tl-r478+_firmware -
tp-link tl-er5520g_firmware -
tp-link tl-wvr900l_firmware -
tp-link tl-war302_firmware -
tp-link tl-war458_firmware -
tp-link tl-r483_firmware -
tp-link tl-wvr458_firmware -
tp-link tl-er6520g_firmware -
tp-link tl-wvr302_firmware -
tp-link tl-r479p-ac_firmware -
tp-link tl-wvr458l_firmware -
tp-link tl-war2600l_firmware -
tp-link tl-r488_firmware -
tp-link tl-r473p-ac_firmware -
tp-link tl-war900l_firmware -
tp-link tl-r479gpe-ac_firmware -
tp-link tl-er5120g_firmware -
tp-link tl-er7520g_firmware -
tp-link tl-r479gp-ac_firmware -
tp-link tl-r478g_firmware -
tp-link tl-er5510g_firmware -
tp-link tl-r483g_firmware -
tp-link tl-er5110g_firmware -
tp-link tl-r473g_firmware -
tp-link tl-wvr1300g_firmware -
tp-link tl-wvr1200l_firmware -
tp-link tl-r478g+_firmware -
tp-link tl-er3220g_firmware -
tp-link tl-r478_firmware -
tp-link tl-war1750l_firmware -
tp-link tl-r4239g_firmware -
tp-link tl-r473_firmware -
tp-link tl-wvr1300l_firmware -
tp-link tl-r4149g_firmware -
tp-link tl-r4299g_firmware -
tp-link tl-er6110g_firmware -
tp-link tl-wvr450l_firmware -
tp-link tl-war450l_firmware -
tp-link tl-er3210g_firmware -
tp-link tl-er6220g_firmware -
tp-link tl-war458l_firmware -
tp-link tl-wvr450_firmware -
tp-link tl-wvr1750l_firmware -
tp-link tl-war1300l_firmware -
tp-link tl-wvr300_firmware -
tp-link tl-war1200l_firmware -
tp-link tl-wvr450g_firmware -
tp-link tl-war450_firmware -
tp-link tl-wvr900g_firmware -
tp-link tl-wvr4300l_firmware -
tp-link tl-er6120g_firmware -
CVE-2017-16959 MEDIUM

The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP header, related to the set_sysinfo and get_sysinfo functions in /usr/lib/lua/luci/controller/locale.lua in uhttpd.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
tp-link tl-er6510g_firmware -
tp-link tl-wvr458p_firmware -
tp-link tl-r478+_firmware -
tp-link tl-er5520g_firmware -
tp-link tl-wvr900l_firmware -
tp-link tl-war302_firmware -
tp-link tl-war458_firmware -
tp-link tl-r483_firmware -
tp-link tl-wvr458_firmware -
tp-link tl-er6520g_firmware -
tp-link tl-wvr302_firmware -
tp-link tl-r479p-ac_firmware -
tp-link tl-wvr458l_firmware -
tp-link tl-war2600l_firmware -
tp-link tl-r488_firmware -
tp-link tl-r473p-ac_firmware -
tp-link tl-war900l_firmware -
tp-link tl-r479gpe-ac_firmware -
tp-link tl-er5120g_firmware -
tp-link tl-er7520g_firmware -
tp-link tl-r479gp-ac_firmware -
tp-link tl-r478g_firmware -
tp-link tl-er5510g_firmware -
tp-link tl-r483g_firmware -
tp-link tl-er5110g_firmware -
tp-link tl-r473g_firmware -
tp-link tl-wvr1300g_firmware -
tp-link tl-wvr1200l_firmware -
tp-link tl-r478g+_firmware -
tp-link tl-er3220g_firmware -
tp-link tl-r478_firmware -
tp-link tl-war1750l_firmware -
tp-link tl-r4239g_firmware -
tp-link tl-r473_firmware -
tp-link tl-wvr1300l_firmware -
tp-link tl-r4149g_firmware -
tp-link tl-r4299g_firmware -
tp-link tl-er6110g_firmware -
tp-link tl-wvr450l_firmware -
tp-link tl-war450l_firmware -
tp-link tl-er3210g_firmware -
tp-link tl-er6220g_firmware -
tp-link tl-war458l_firmware -
tp-link tl-wvr450_firmware -
tp-link tl-wvr1750l_firmware -
tp-link tl-war1300l_firmware -
tp-link tl-wvr300_firmware -
tp-link tl-war1200l_firmware -
tp-link tl-wvr450g_firmware -
tp-link tl-war450_firmware -
tp-link tl-wvr900g_firmware -
tp-link tl-wvr4300l_firmware -
tp-link tl-er6120g_firmware -
CVE-2017-16960 HIGH

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-er6510g_firmware -
tp-link tl-wvr458p_firmware -
tp-link tl-wvr900l_firmware -
tp-link tl-war302_firmware -
tp-link tl-war458_firmware -
tp-link tl-r483 v5
tp-link tl-wvr458_firmware -
tp-link tl-r479p-ac_firmware -
tp-link tl-wvr458l_firmware -
tp-link tl-war2600l_firmware -
tp-link tl-r473p-ac_firmware -
tp-link tl-r4239g v2
tp-link tl-war900l_firmware -
tp-link tl-wvr900g v3
tp-link tl-r479gpe-ac_firmware -
tp-link tl-er5520g v2
tp-link tl-er5120g_firmware -
tp-link tl-er7520g_firmware -
tp-link tl-r479gp-ac_firmware -
tp-link tl-r478g_firmware -
tp-link tl-wvr302 v2
tp-link tl-er5110g_firmware -
tp-link tl-wvr300 v4
tp-link tl-r473g_firmware -
tp-link tl-wvr1300g_firmware -
tp-link tl-er5510g v3
tp-link tl-wvr1200l_firmware -
tp-link tl-war1750l_firmware -
tp-link tl-r488 v5
tp-link tl-er3220g_firmware *
tp-link tl-er5520g v3
tp-link tl-wvr1300l_firmware -
tp-link tl-r4149g_firmware -
tp-link tl-er6520g v2
tp-link tl-r473gp-ac_firmware -
tp-link tl-er6110g_firmware -
tp-link tl-wvr450l_firmware -
tp-link tl-war450l_firmware -
tp-link tl-er3210g_firmware -
tp-link tl-er6220g_firmware -
tp-link tl-war458l_firmware -
tp-link tl-wvr450_firmware -
tp-link tl-er6520g v3
tp-link tl-wvr1750l_firmware -
tp-link tl-war1300l_firmware -
tp-link tl-war1200l_firmware -
tp-link tl-r478 v6
tp-link tl-wvr450g v5
tp-link tl-r478+ v7
tp-link tl-r478g+ v3
tp-link tl-war450_firmware -
tp-link tl-wvr2600l_firmware -
tp-link tl-r483g v2
tp-link tl-wvr4300l_firmware -
tp-link tl-er5510g v2
tp-link tl-r473 v5
tp-link tl-r4299g v2
tp-link tl-er6120g v2
CVE-2017-17745 LOW

Cross-site scripting (XSS) vulnerability in system_name_set.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.0.0
CVE-2017-17746 HIGH

Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the authentication applies to the IP address of the NAT gateway, and any user behind that NAT gateway is also treated as authenticated.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.0.0
CVE-2017-17747 LOW

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow remote attackers to call the logout functionality, triggering a denial of service condition.

CVSS 2.0

Severity: LOW

Problem Type: CWE-306,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.0.0
CVE-2017-17757 HIGH

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wvr1750l_firmware -
tp-link tl-war1300l_firmware -
tp-link tl-war1200l_firmware -
tp-link tl-wvr900l_firmware -
tp-link tl-wvr1300l_firmware -
tp-link tl-wvr2600l_firmware -
tp-link tl-wvr458l_firmware -
tp-link tl-war2600l_firmware -
tp-link tl-wvr4300l_firmware -
tp-link tl-wvr450l_firmware -
tp-link tl-war450l_firmware -
tp-link tl-wvr1200l_firmware -
tp-link tl-war458l_firmware -
tp-link tl-war1750l_firmware -
tp-link tl-war900l_firmware -
CVE-2017-17758 HIGH

TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wvr1750l_firmware -
tp-link tl-war1300l_firmware -
tp-link tl-war1200l_firmware -
tp-link tl-wvr900l_firmware -
tp-link tl-wvr1300l_firmware -
tp-link tl-wvr2600l_firmware -
tp-link tl-wvr458l_firmware -
tp-link tl-war2600l_firmware -
tp-link tl-wvr4300l_firmware -
tp-link tl-wvr450l_firmware -
tp-link tl-war450l_firmware -
tp-link tl-wvr1200l_firmware -
tp-link tl-war458l_firmware -
tp-link tl-war1750l_firmware -
tp-link tl-war900l_firmware -
CVE-2017-8074 MEDIUM

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.1.2
CVE-2017-8075 MEDIUM

On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.1.2
CVE-2017-8076 HIGH

On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-326,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.1.2
CVE-2017-8077 MEDIUM

On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.1.2
CVE-2017-8078 MEDIUM

On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.1.2
CVE-2017-8217 MEDIUM

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
tp-link c2_firmware *
tp-link c20i_firmware *
CVE-2017-8218 HIGH

vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-1188,

Products Affected

Vendor Product Version
tp-link c2_firmware *
tp-link c20i_firmware *
CVE-2017-8219 MEDIUM

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link c2_firmware *
tp-link c20i_firmware *
CVE-2017-8220 HIGH

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link c2_firmware *
tp-link c20i_firmware *
CVE-2017-9466 HIGH

The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuration service tddp via the LAN and Ath0 (Wi-Fi) interfaces.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-327,

Products Affected

Vendor Product Version
tp-link wr841n_v8_firmware *
CVE-2018-10164 LOW

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link eap_controller 2.6.0
tp-link eap_controller 2.5.4
CVE-2018-10165 LOW

Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link eap_controller 2.6.0
tp-link eap_controller 2.5.4
CVE-2018-10166 MEDIUM

The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submit authenticated requests when an authenticated user browses an attack-controlled domain. This is fixed in version 2.6.1_Windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp-link eap_controller 2.6.0
tp-link eap_controller 2.5.4
CVE-2018-10167 MEDIUM

The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
tp-link eap_controller 2.6.0
tp-link eap_controller 2.5.4
CVE-2018-10168 MEDIUM

TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
tp-link eap_controller 2.6.0
tp-link eap_controller 2.5.4
CVE-2018-11481 MEDIUM

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link ipc_tl-ipc223(p)-6_firmware *
tp-link tl-ipc40a-4_firmware *
tp-link tl-ipc323k-d_firmware *
tp-link tl-ipc325(kp)_firmware *
CVE-2018-11482 HIGH

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
tp-link ipc_tl-ipc223(p)-6_firmware *
tp-link tl-ipc40a-4_firmware *
tp-link tl-ipc323k-d_firmware *
tp-link tl-ipc325(kp)_firmware *
CVE-2018-11714 HIGH

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-384,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 0.9.1_4.16
tp-link tl-wr840n_firmware 0.9.1_3.16
CVE-2018-12574 MEDIUM

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 0.9.1_4.16
CVE-2018-12575 HIGH

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 0.9.1_4.16
CVE-2018-12576 MEDIUM

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1021,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 0.9.1_4.16
CVE-2018-12577 MEDIUM

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 0.9.1_4.16
CVE-2018-12692 MEDIUM

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wa850re_firmware -
CVE-2018-12693 MEDIUM

Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wa850re_firmware -
CVE-2018-12694 HIGH

TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link tl-wa850re_firmware -
CVE-2018-13134 MEDIUM

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link archer_c1200_firmware 1.13
CVE-2018-14336 MEDIUM

TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link wr840n -
CVE-2018-15172 MEDIUM

TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 0.9.1
CVE-2018-15700 MEDIUM

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link tl-wrn841n_firmware 0.9.1_4.16_v0348.0
CVE-2018-15701 LOW

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link tl-wrn841n_firmware 0.9.1_4.16_v0348.0
CVE-2018-15702 MEDIUM

The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp-link tl-wrn841n_firmware 0.9.1_4.16_v0348.0
CVE-2018-15840 MEDIUM

TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware -
CVE-2018-16119 HIGH

Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wr1043nd_firmware 3.00
CVE-2018-17004 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17005 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall dmz enable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17006 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17007 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17008 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17009 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17010 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17011 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17012 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17013 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17014 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17015 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17016 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17017 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-17018 MEDIUM

An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 6.0_2.3.4
tp-link tl-wr886n_firmware 7.0_1.1.0
CVE-2018-18428 MEDIUM

TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
tp-link tl-sc3130_firmware 1.6.18p12_121101
CVE-2018-18489 MEDIUM

The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wr840n_firmware 3.16.9
CVE-2018-19528 HIGH

TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 7.0.1.1.0
CVE-2018-19537 HIGH

TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin may be used in some cases.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
tp-link archer_c5_firmware *
CVE-2018-20372 LOW

TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link td-w8961nd_firmware 1.0.1
CVE-2018-3948 MEDIUM

An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link tl-r600vpn_firmware 1.3.0
tp-link tl-r600vpn_firmware 1.2.3
CVE-2018-3949 MEDIUM

An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
tp-link tl-r600vpn_firmware 1.3.0
tp-link tl-r600vpn_firmware 1.2.3
CVE-2018-3950 MEDIUM

An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-r600vpn_firmware 1.3.0
tp-link tl-r600vpn_firmware 1.2.3
CVE-2018-3951 MEDIUM

An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
tp-link tl-r600vpn_firmware *
CVE-2018-5393 HIGH

The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
tp-link eap_controller *
CVE-2019-12103 HIGH

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link m7350_firmware *
CVE-2019-12104 HIGH

The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
tp-link m7350_firmware *
CVE-2019-12195 LOW

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 0.9.1_3.16
CVE-2019-13266 MEDIUM

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-669,

Products Affected

Vendor Product Version
tp-link archer_c2_v1_firmware -
tp-link archer_c3200_v1_firmware -
CVE-2019-13267 MEDIUM

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After it leaves, the router (following the IGMP protocol) creates an IGMP Membership Query packet with the Group IP and sends it to both the Host and the Guest networks. The data is transferred within the Group IP field, which is completely controlled by the sender.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link archer_c2_v1_firmware -
tp-link archer_c3200_v1_firmware -
CVE-2019-13268 MEDIUM

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To use this leakage as a direct covert channel, the sender can trivially issue an ARP request to an arbitrary computer on the network. (In general, some routers restrict ARP forwarding only to requests destined for the network's subnet mask, but these routers did not restrict this traffic in any way. Depending on this factor, one must use either the lower 8 bits of the IP address, or the entire 32 bits, as the data payload.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
tp-link archer_c2_v1_firmware -
tp-link archer_c3200_v1_firmware -
CVE-2019-13613 HIGH

CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link archer_c1200_firmware 1.0.0
CVE-2019-13614 HIGH

CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link archer_c1200_firmware 1.0.0
CVE-2019-13649 HIGH

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link m7350_firmware *
CVE-2019-13650 HIGH

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link m7350_firmware *
CVE-2019-13651 HIGH

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link m7350_firmware *
CVE-2019-13652 HIGH

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link m7350_firmware *
CVE-2019-13653 HIGH

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link m7350_firmware *
CVE-2019-15060 MEDIUM

The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware *
CVE-2019-16893 HIGH

The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
tp-link tp-sg105e_firmware 1.0.0
CVE-2019-17147 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 0.9.1_4.16
CVE-2019-19143 MEDIUM

TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
tp-link tl-wr849n_firmware 0.9.1_4.16
CVE-2019-6487 MEDIUM

TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wdr3600_firmware *
tp-link tl-wdr3500_firmware *
tp-link tl-wdr5620_firmware *
tp-link tl-wdr4300_firmware *
tp-link tl-wdr4900_firmware *
CVE-2019-6971 HIGH

An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link tl-wr1043nd_firmware 2.0
CVE-2019-6972 MEDIUM

An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding and base64, leading to easy decoding. Also, the username is cleartext, and the password is hashed with the MD5 algorithm (after decoding of the URL encoded string with base64).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
tp-link tl-wr1043nd_firmware 2.0
CVE-2019-6989 HIGH

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wr941nd_firmware -
tp-link tl-wr940n_firmware -
CVE-2020-10231 MEDIUM

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
tp-link nc250_firmware 1.3.0
tp-link nc200_firmware 2.1.7
tp-link nc260_firmware 1.0.5
tp-link nc260_firmware 1.0.6
tp-link nc220_firmware 1.1.14
tp-link nc450_firmware 1.5.0
tp-link nc200_firmware 2.1.6
tp-link nc220_firmware 1.1.12
tp-link nc230_firmware 1.3.0
tp-link nc220_firmware 1.3.0
tp-link nc450_firmware 1.1.2
tp-link nc220_firmware 1.2.0
tp-link nc260_firmware 1.5.1
tp-link nc450_firmware 1.1.6
tp-link nc210_firmware 1.0.9
tp-link nc450_firmware 1.1.1
tp-link nc200_firmware 2.1.8
CVE-2020-10881 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10882 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. When parsing the slave_mac parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9650.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10883 MEDIUM

This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the file system. The issue lies in the lack of proper permissions set on the file system. An attacker can leverage this vulnerability to escalate privileges. Was ZDI-CAN-9651.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10884 MEDIUM

This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-321,CWE-798,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10885 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10886 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10887 HIGH

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,NVD-CWE-Other,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10888 HIGH

This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 190726
CVE-2020-10916 MEDIUM

This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
tp-link tl-wa855re_firmware 190408
tp-link tl-wa855re_firmware 191213
CVE-2020-11445 MEDIUM

TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link nc200_firmware *
tp-link kc300s2_firmware *
tp-link tl-sc3430_firmware *
tp-link nc230_firmware *
tp-link nc210_firmware *
tp-link kc200_firmware *
tp-link nc450_firmware *
tp-link tl-sc4171g_firmware *
tp-link nc250_firmware *
tp-link tl-sc3430n_firmware *
tp-link tapo_c200_firmware *
tp-link kc310s2_firmware *
tp-link tapo_c100_firmware *
tp-link nc220_firmware *
tp-link nc260_firmware *
CVE-2020-12109 HIGH

Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link nc250_firmware 1.3.0
tp-link nc260_firmware 1.0.5
tp-link nc260_firmware 1.0.6
tp-link nc250_firmware 1.2.1
tp-link nc210_firmware 1.0.3
tp-link nc260_firmware 1.4.1
tp-link nc200_firmware 2.1.6
tp-link nc210_firmware 1.0.4
tp-link nc230_firmware 1.2.1
tp-link nc230_firmware 1.3.0
tp-link nc450_firmware 1.3.4
tp-link nc220_firmware 1.3.0
tp-link nc450_firmware 1.1.2
tp-link nc220_firmware 1.2.0
tp-link nc450_firmware 1.0.15
tp-link nc250_firmware 1.0.8
tp-link nc250_firmware 1.0.10
tp-link nc210_firmware 1.0.9
tp-link nc230_firmware 1.0.3
tp-link nc260_firmware 1.5.2
tp-link nc450_firmware 1.5.3
tp-link nc200_firmware 2.1.9
tp-link nc260_firmware 1.5.0
CVE-2020-12110 MEDIUM

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
tp-link nc250_firmware 1.3.0
tp-link nc260_firmware 1.0.5
tp-link nc260_firmware 1.0.6
tp-link nc250_firmware 1.2.1
tp-link nc210_firmware 1.0.3
tp-link nc260_firmware 1.4.1
tp-link nc200_firmware 2.1.6
tp-link nc210_firmware 1.0.4
tp-link nc230_firmware 1.2.1
tp-link nc230_firmware 1.3.0
tp-link nc450_firmware 1.3.4
tp-link nc220_firmware 1.3.0
tp-link nc450_firmware 1.1.2
tp-link nc220_firmware 1.2.0
tp-link nc450_firmware 1.0.15
tp-link nc250_firmware 1.0.8
tp-link nc250_firmware 1.0.10
tp-link nc210_firmware 1.0.9
tp-link nc230_firmware 1.0.3
tp-link nc260_firmware 1.5.2
tp-link nc450_firmware 1.5.3
tp-link nc200_firmware 2.1.9
tp-link nc260_firmware 1.5.0
CVE-2020-12111 HIGH

Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link nc450_firmware 1.1.2
tp-link nc260_firmware 1.0.5
tp-link nc450_firmware 1.0.15
tp-link nc260_firmware 1.0.6
tp-link nc260_firmware 1.4.1
tp-link nc260_firmware 1.5.2
tp-link nc450_firmware 1.5.3
tp-link nc260_firmware 1.5.0
tp-link nc450_firmware 1.3.4
CVE-2020-12475 LOW

TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-22,

Products Affected

Vendor Product Version
tp-link omada_controller 3.2.6
CVE-2020-12695 HIGH

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H 2.2 4.7

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
hp 5030_z4a70a -
hp envy_pro_6420_6wd16a -
hp hp_envy_4524_k9t01a -
hp hp_envy_4521_k9t10b -
hp deskjet_ink_advantage_3548_a9t81b -
hp envy_5547_j6u64a -
epson xp-100 -
hp hp_deskjet_ink_advantage_4536_f0v65a -
hp deskjet_ink_advantage_3546_a9t82a -
epson xp-970 -
hp envy_photo_6234_k7s21b -
hp envy_4501_c8d05a -
hp envy_5664_f8b08a -
hp deskjet_ink_advantage_3545_a9t81a -
hp officejet_4655_k9v79a -
cisco wap150 -
huawei hg532e -
hp envy_photo_6200_k7s21b -
hp envy_114_cq811a -
hp hp_envy_4526_k9t05b -
hp envy_4520_f0v63a -
hp deskjet_ink_advantage_4535_f0v64b -
hp officejet_4652_f1j02a -
hp envy_4500_a9t89a -
hp envy_5532 -
hp envy_photo_7100_k7g93a -
hp deskjet_ink_advantage_3545_a9t83b -
hp envy_4502_a9t87b -
hp envy_5534 -
hp envy_5530 -
hp envy_5644_b9s65a -
hp envy_5646_f8b05a -
hp hp_envy_4524_f0v72b -
hp deskjet_ink_advantage_4675_f1h97c -
hp deskjet_ink_advantage_3545_a9t81c -
hp envy_120_cz022c -
hp envy_5020_m2u91b -
hp hp_envy_4520_e6g67a -
hp envy_110_cq809d -
hp hp_envy_4511_k9h50a -
hp hp_deskjet_ink_advantage_4675_f1h97a -
microsoft windows_10 -
w1.fi hostapd *
hp envy_photo_7100_z3m37a -
hp envy_5536 -
epson xp-8500 -
hp envy_6020_5se16b -
hp envy_4522_f0v67a -
hp envy_5541_k7g89a -
hp hp_envy_4513_k9h51a -
hp envy_110_cq809a -
hp envy_4523_j6u60b -
hp hp_deskjet_ink_advantage_4535_f0v64c -
broadcom adsl -
hp hp_officejet_4654_f1j06b -
hp envy_5540_g0v53a -
epson xp-320 -
hp officejet_4650_e6g87a -
canon selphy_cp1200 -
hp 5020_z4a69a -
hp envy_100_cn518a -
hp hp_envy_4520_f0v63b -
hp envy_pro_6420_5se46a -
hp envy_5548_k7g87a -
hp envy_photo_6232_k7g26b -
nec wr8165n -
hp hp_officejet_4658_v6d30b -
zyxel vmg8324-b10a -
hp envy_4509_d3p94b -
debian debian_linux 10.0
epson xp-4100 -
hp deskjet_ink_advantage_4675_f1h97a -
hp envy_120_cz022b -
hp hp_envy_4520_f0v69a -
ui unifi_controller -
hp officejet_4650_f1h96a -
hp envy_4511_k9h50a -
hp envy_4509_d3p94a -
hp envy_4525_k9t09b -
ruckussecurity zonedirector_1200 -
epson xp-4105 -
hp hp_deskjet_ink_advantage_4538_f0v66b -
hp deskjet_ink_advantage_4518 -
hp envy_5640_b9s56a -
hp hp_envy_4520_e6g67b -
huawei hg255s -
hp hp_envy_4520_f0v63a -
fedoraproject fedora 32
hp envy_photo_7100_3xd89a -
hp envy_120_cz022a -
hp hp_officejet_4655_k9v82b -
hp 5660_f8b04a -
hp envy_4500_a9t80a -
hp envy_4521_k9t10b -
hp envy_photo_6230_k7g25b -
hp envy_photo_6200_y0k15a -
asus rt-n11 -
hp envy_4512_k9h49a -
epson xp-440 -
hp envy_6020_6wd35a -
hp hp_officejet_4655_f1j00a -
dlink dvg-n5412sp -
hp envy_4504_a9t88b -
hp envy_photo_7100_k7g99a -
hp hp_officejet_4652_f1j02a -
hp deskjet_ink_advantage_4536_f0v65a -
hp deskjet_ink_advantage_4675_f1h97b -
hp envy_4500_d3p93a -
hp envy_100_cn519b -
hp hp_officejet_4650_f1h96a -
hp officejet_4654_f1j06b -
hp envy_4505_a9t86a -
hp deskjet_ink_advantage_4535_f0v64c -
hp envy_4527_j6u61b -
hp envy_4500_a9t80b -
hp envy_5000_m2u85a -
hp envy_photo_7800_k7s00a -
hp hp_envy_4523_j6u60b -
hp envy_5642_b9s64a -
tp-link archer_c50 -
hp envy_5665_f8b06a -
epson xp-340 -
hp envy_photo_7120_z3m41d -
hp hp_envy_4528_k9t08b -
epson xp-330 -
hp officejet_4652_f1j05b -
hp hp_officejet_4655_k9v79a -
epson xp-620 -
hp envy_5544_k7c89a -
hp envy_photo_7800_k7s10d -
hp hp_deskjet_ink_advantage_4676_f1h98a -
hp officejet_4652_k9v84b -
hp envy_4503_e6g71b -
hp envy_photo_6220_k7g20d -
hp envy_4508_e6g72b -
hp envy_6540_b9s59a -
debian debian_linux 9.0
hp envy_4524_f0v72b -
canonical ubuntu_linux 20.04
hp hp_officejet_4654_f1j07b -
hp envy_5000_m2u91a -
hp envy_5643_b9s63a -
hp envy_100_cn517b -
hp envy_110_cq812c -
hp hp_envy_4525_k9t09b -
epson ew-m970a3t -
epson xp-2101 -
hp officejet_4658_v6d30b -
hp 5034_z4a74a -
hp envy_photo_7800_y0g52b -
cisco wap351 -
hp deskjet_ink_advantage_3456_a9t84c -
hp envy_110_cq809c -
hp deskjet_ink_advantage_4678_f1h99b -
hp hp_deskjet_ink_advantage_4675_f1h97c -
hp officejet_4657_v6d29b -
hp envy_5540_g0v51a -
hp hp_officejet_4652_k9v84b -
hp officejet_4654_f1j07b -
hp envy_photo_7100_z3m52a -
cisco wap131 -
hp envy_photo_6200_y0k13d_ -
hp envy_6020_7cz37a -
epson xp-960 -
hp hp_officejet_4650_e6g87a -
hp envy_photo_7155_z3m52a -
hp envy_7644_e4w46a -
epson xp-702 -
hp envy_photo_6220_k7g21b -
epson ep-101 -
hp envy_114_cq812a -
hp envy_5545_g0v50a -
hp envy_pro_6420_6wd14a -
hp envy_5542_k7c88a -
hp envy_4520_e6g67a -
hp envy_4520_e6g67b -
hp envy_5544_k7c93a -
hp envy_6052_5se18a -
hp envy_pro_6455_5se45a -
hp envy_photo_7800_k7r96a -
hp envy_4520_f0v69a -
hp envy_5000_m2u91a *
hp hp_envy_4527_j6u61b -
hp envy_5540_g0v47a -
hp envy_6055_5se16a -
hp envy_5000_m2u94b -
hp hp_envy_4516_k9h52a -
hp envy_4516_k9h52a -
hp officejet_4656_k9v81b -
hp envy_5000_z4a74a -
hp envy_4524_f0v71b -
dell b1165nfw -
hp envy_100_cn517a -
hp hp_officejet_4652_f1j05b -
hp envy_5531 -
hp envy_7645_e4w44a -
hp hp_officejet_4656_k9v81b -
hp envy_6020_5se17a -
hp envy_pro_6452_5se47a -
fedoraproject fedora 31
hp envy_4524_k9t01a -
hp deskjet_ink_advantage_4538_f0v66b -
hp envy_4526_k9t05b -
hp officejet_4655_f1j00a -
hp envy_5000_m2u85b -
hp envy_5535 -
hp envy_5540_f2e72a -
hp envy_photo_7822_y0g43d -
hp hp_deskjet_ink_advantage_4675_f1h97b -
epson m571t -
hp envy_100_cn519a -
hp envy_5000_z4a54a -
hp envy_4507_e6g70b -
hp envy_photo_7164_k7g99a -
hp envy_photo_6222_y0k14d -
hp hp_envy_4512_k9h49a -
hp deskjet_ink_advantage_4676_f1h98a -
hp envy_5640_b9s58a -
hp envy_114_cq811b -
hp envy_pro_6420_5se45b -
epson xp-2105 -
netgear wnhde111 -
epson xp-241 -
hp hp_deskjet_ink_advantage_4535_f0v64a -
hp officejet_4650_f1h96b -
hp envy_110_cq809b -
hp envy_100_cn517c -
epson xp-8600 -
hp hp_envy_4524_f0v71b -
zyxel amg1202-t10b -
hp envy_4520_f0v63b -
hp officejet_4655_k9v82b -
hp envy_photo_6200_k7g18a -
hp envy_5540_k7c85a -
hp 5030_m2u92b -
hp deskjet_ink_advantage_4535_f0v64a -
hp envy_photo_6222_y0k13d -
hp envy_4528_k9t08b -
zte zxv10_w300 -
hp hp_officejet_4650_f1h96b -
hp envy_4513_k9h51a -
hp hp_deskjet_ink_advantage_4535_f0v64b -
epson xp-630 -
hp envy_4502_a9t85a -
hp deskjet_ink_advantage_4515 -
hp envy_photo_7800_y0g42d -
microsoft xbox_one 10.0.19041.2494
hp envy_5543_n9u88a -
hp envy_4504_c8d04a -
hp envy_photo_6200_k7g26b -
hp deskjet_ink_advantage_5575_g0v48b -
hp deskjet_ink_advantage_5575_g0v48c -
hp envy_7640 -
hp envy_5539 -
hp envy_photo_7830_y0g50b -
hp envy_photo_7822_y0g42d -
hp envy_5546_k7c90a -
hp envy_5540_g0v52a -
hp envy_111_cq810a -
hp hp_envy_4522_f0v67a -
hp envy_photo_6252_k7g22a -
hp hp_officejet_4657_v6d29b -
hp hp_deskjet_ink_advantage_4678_f1h99b -
CVE-2020-13224 HIGH

TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link nc200_firmware *
tp-link nc250_firmware *
tp-link nc230_firmware *
tp-link nc210_firmware *
tp-link nc450_firmware *
tp-link nc220_firmware *
tp-link nc260_firmware *
CVE-2020-14965 LOW

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware -
tp-link tl-wr740nd_firmware -
CVE-2020-15054 LOW

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,CWE-522,

Products Affected

Vendor Product Version
tp-link tl-ps310u_firmware *
CVE-2020-15055 HIGH

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
tp-link tl-ps310u_firmware *
CVE-2020-15056 LOW

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.2 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link tl-ps310u_firmware *
CVE-2020-15057 MEDIUM

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
tp-link tl-ps310u_firmware *
CVE-2020-17891 MEDIUM

TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link archer_c1200_firmware 1.13
CVE-2020-24297 HIGH

httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wpa4220_firmware *
CVE-2020-24363 HIGH

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
tp-link tl-wa855re_firmware *
tp-link tl-wa855re_firmware 20200415
CVE-2020-28005 LOW

httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wpa4220_firmware *
CVE-2020-28347 HIGH

tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link ac1750_firmware *
CVE-2020-28877 HIGH

Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link wdr8640_firmware -
tp-link wdr8620_firmware -
tp-link wdr7660_firmware -
tp-link wr886n_firmware -
tp-link wdr7500_firmware -
tp-link wdr8500_firmware -
tp-link wdr8400_firmware -
tp-link wdr8660_firmware -
tp-link wdr7400_firmware -
tp-link wr880n_firmware -
tp-link wr882n_firmware -
tp-link wr890n_firmware -
tp-link wr708n_firmware -
tp-link wdr8600_firmware -
tp-link wdr7800_firmware -
CVE-2020-35575 HIGH

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link wr842nd_firmware -
tp-link mr6400_firmware -
tp-link wa701nd_firmware -
tp-link archer_c7_firmware -
tp-link wr1043nd_firmware -
tp-link wr842n_firmware -
tp-link wr940n_firmware -
tp-link wa901nd_firmware *
tp-link wr841hp_firmware -
tp-link wr1045nd_firmware -
tp-link wr841n_firmware -
tp-link wr949n_firmware -
tp-link wrd4300_firmware -
tp-link wr741nd_firmware -
tp-link wr845n_firmware -
tp-link wr749n_firmware -
tp-link we843n_firmware -
tp-link wdr3500_firmware -
tp-link wdr3600_firmware -
tp-link mr3420_firmware -
tp-link wr740n_firmware -
tp-link wr945n_firmware -
tp-link archer_c5_firmware -
tp-link wa801nd_firmware -
tp-link wr840n_firmware -
tp-link wr802n_firmware -
tp-link wr941hp_firmware -
CVE-2020-35576 HIGH

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2020-36178 HIGH

oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 6_eu_0.9.1_4.16
CVE-2020-5795 HIGH

UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.2 MEDIUM CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.3 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,

Products Affected

Vendor Product Version
tp-link archer_a7_firmware 200721
CVE-2020-5797 LOW

UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 0.9 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
tp-link archer_c9_firmware 180125
CVE-2020-8423 HIGH

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 3.16.9
CVE-2020-9374 HIGH

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr849n_firmware 0.9.1_4.16
CVE-2020-9375 HIGH

TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,

Products Affected

Vendor Product Version
tp-link archer_c50 build_200318
tp-link archer_c50 build_170822
tp-link archer_c50 build_171227
CVE-2021-26827 HIGH

Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr2041+_firmware -
CVE-2021-27209 LOW

In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 1.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-319,

Products Affected

Vendor Product Version
tp-link archer_c5v_firmware 1.7_181221
CVE-2021-27210 MEDIUM

TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
tp-link archer_c5v_firmware 1.7_181221
CVE-2021-27245 HIGH

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-693,

Products Affected

Vendor Product Version
tp-link archer_a7_firmware *
CVE-2021-27246 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
tp-link ac1750_firmware 1.0.15
CVE-2021-28857 MEDIUM

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
tp-link tl-wpa4220_firmware 4.0.2
CVE-2021-28858 LOW

TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
tp-link tl-wpa4220_firmware 4.0.2
CVE-2021-29280 MEDIUM

In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-668,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware -
CVE-2021-29302 HIGH

TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr802n_firmware *
CVE-2021-3125 MEDIUM

In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-834,

Products Affected

Vendor Product Version
tp-link tl-xdr3250_firmware *
tp-link tl-xdr3230_firmware *
tp-link tl-xdr1850_firmware *
tp-link tl-xdr5430_firmware *
tp-link tl-xdr6060_firmware *
tp-link tl-xdr1860_firmware *
CVE-2021-31658 MEDIUM

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-129,

Products Affected

Vendor Product Version
tp-link tl-sg2005_firmware 1.0.0
tp-link tl-sg2008_firmware 1.0.0
CVE-2021-31659 MEDIUM

TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
tp-link tl-sg2005_firmware 1.0.0
tp-link tl-sg2008_firmware 1.0.0
CVE-2021-3275 MEDIUM

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
tp-link td-w9977_firmware v1_0.1.0_0.9.1_up_boot(161123)_2016-11-23_15.36.15
tp-link tl-wa801nd_firmware v5_us_0.9.1_3.16_up_boot[170905-rel56404]
tp-link tl-wa801n_firmware v6_eu_0.9.1_3.16_up_boot[200116-rel61815]
tp-link archer-c3150_firmware v2_170926
tp-link tl-wr802n_firmware v4_us_0.9.1_3.17_up_boot[200421-rel38950]
CVE-2021-35003 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
tp-link archer_c90_firmware 1.0.6
CVE-2021-35004 HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,

Products Affected

Vendor Product Version
tp-link tl-wa1201_firmware 1.0.1
CVE-2021-37774

An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.

Products Affected

Vendor Product Version
tp-link tl-wdr7660_firmware 2.0.30
CVE-2021-38543 MEDIUM

TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link ue330_firmware *
CVE-2021-40288 HIGH

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-290,

Products Affected

Vendor Product Version
tp-link archer_ax10_firmware *
CVE-2021-4045 HIGH

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve-coordination@incibe.es 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,CWE-77,

Products Affected

Vendor Product Version
tp-link tapo_c200_firmware *
CVE-2021-4144 MEDIUM

TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr802n_firmware *
CVE-2021-41450 MEDIUM

An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
tp-link archer_ax10_v1_firmware *
CVE-2021-41451 MEDIUM

A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
tp-link archer_ax10_firmware *
CVE-2021-41653 HIGH

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware *
CVE-2021-42232

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link archer_a7_firmware 210519
CVE-2021-44032 MEDIUM

TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
tp-link omada_software_controller *
CVE-2021-44622 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44623 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44625 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44626 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44627 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44628 HIGH

A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44629 HIGH

A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44630 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44631 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44632 HIGH

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 20190826_2.3.8
CVE-2021-44827 HIGH

There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link archer_c20i_firmware *
CVE-2021-44864 MEDIUM

TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link wn886n_firmware 1.0.1
CVE-2021-46122 HIGH

Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 0.9.1_4.17_v0001.0
CVE-2022-0162 HIGH

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
vdisclose@cert-in.org.in 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 3.16.9
CVE-2022-0650

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware *
CVE-2022-22922 HIGH

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
tp-link tl-wa850re_firmware *
CVE-2022-24352

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15773.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link ac1750_firmware *
CVE-2022-24353

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-15769.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link ac1750_firmware *
CVE-2022-24354 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
tp-link ac1750_firmware *
CVE-2022-24355 HIGH

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware *
CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware 3.20.1
CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware 3.20.1
CVE-2022-25060 HIGH

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 6.20_180709
CVE-2022-25061 HIGH

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 6.20_180709
CVE-2022-25062 MEDIUM

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 6.20_180709
CVE-2022-25064 HIGH

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 6.20_180709
CVE-2022-25072 HIGH

TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link archer_a54_firmware 210111
CVE-2022-25073 HIGH

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 0.9.1_4.18
CVE-2022-25074 HIGH

TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wr902ac_firmware 191209
CVE-2022-26639 MEDIUM

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 0.9.1.4.16
CVE-2022-26640 MEDIUM

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 0.9.1.4.16
CVE-2022-26641 MEDIUM

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 0.9.1.4.16
CVE-2022-26642 MEDIUM

TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware 0.9.1.4.16
CVE-2022-26987 HIGH

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wdr5660_firmware -
tp-link tl-wdr7661_firmware -
tp-link tl-wdr7660_firmware 2.0.30
mercusys mercury_d196g_firmware 20200109_2.0.4
tp-link tl-wdr7620_firmware -
fastcom fac1900r_firmware 20190827_2.0.2
CVE-2022-26988 HIGH

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link tl-wdr5660_firmware -
tp-link tl-wdr7661_firmware -
tp-link tl-wdr7660_firmware 2.0.30
mercusys mercury_d196g_firmware 20200109_2.0.4
tp-link tl-wdr7620_firmware -
fastcom fac1900r_firmware 20190827_2.0.2
CVE-2022-29402 HIGH

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware -
CVE-2022-30024

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 150310
tp-link tl-wr841n(eu)_firmware 160325
tp-link tl-wr841n_firmware 150616
tp-link tl-wr841n_firmware 3.16.9
tp-link tl-wr841_firmware -
CVE-2022-30075 MEDIUM

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
tp-link archer_ax50_firmware *
CVE-2022-32058 HIGH

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-835,

Products Affected

Vendor Product Version
tp-link tl-wr742n_firmware -
tp-link tl-wr742n_firmware v3_130415
tp-link tl-wr741n_firmware v3_130415
tp-link tl-wr741n_firmware -
CVE-2022-33087 HIGH

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
tp-link archer_c50_firmware c50&a5(us)_v5_200407
tp-link archer_a5_firmware c50&a5(us)_v5_200407
CVE-2022-34555

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-r473g_firmware 2.0.1
CVE-2022-37255

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603.

Products Affected

Vendor Product Version
tp-link tapo_c310_firmware 1.3.0
CVE-2022-37860

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.

Products Affected

Vendor Product Version
tp-link m7350_firmware 190531
CVE-2022-40486

TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link archer_ax10_v1_firmware 1.3.1
CVE-2022-41505

An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.

Products Affected

Vendor Product Version
tp-link tapo_c200_v1_firmware -
CVE-2022-41540

The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
tp-link ax10_firmware v1_211117
CVE-2022-41541

TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
tp-link ax10_firmware v1_211117
CVE-2022-41783

tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function.

Products Affected

Vendor Product Version
tp-link re3000_firmware *
CVE-2022-42202

TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 4.17.16_build_120201_rel.54750n
CVE-2022-42433

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link tl-wr841_firmware *
CVE-2022-4296

A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812.

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware -
CVE-2022-43635

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware 6_211111_3.20.1
CVE-2022-43636

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequnce numbers used for session managment. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18334.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware 6_211111_3.20.1
CVE-2022-4498

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

Products Affected

Vendor Product Version
tp-link archer_c5_firmware 2_160201_us
tp-link tl-wr710n_firmware 1_151022_us
CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password.

Products Affected

Vendor Product Version
tp-link archer_c5_firmware 2_160201_us
tp-link tl-wr710n_firmware 1_151022_us
CVE-2022-46139

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

Products Affected

Vendor Product Version
tp-link tl-wr940n_v4_firmware *
CVE-2022-46428

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

Products Affected

Vendor Product Version
tp-link tl-wr1043nd_v1_firmware *
CVE-2022-46430

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.

Products Affected

Vendor Product Version
tp-link tl-wr741nd_v2_firmware *
tp-link tl-wr740n_v1_firmware *
tp-link tl-wr740n_v2_firmware *
tp-link tl-wr741nd_v1_firmware *
CVE-2022-46432

An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier.

Products Affected

Vendor Product Version
tp-link tl-wr743nd_v1_firmware *
CVE-2022-46434

An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

Products Affected

Vendor Product Version
tp-link tl-wa7510n_v1_firmware *
CVE-2022-46435

An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

Products Affected

Vendor Product Version
tp-link tl-wr941nd_v4_firmware *
tp-link tl-wr941nd_v3_firmware *
tp-link tl-wr941nd_v2_firmware *
CVE-2022-46910

An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

Products Affected

Vendor Product Version
tp-link tl-wa901n_firmware *
tp-link tl-wa901nd_v2_firmware *
tp-link tl-wa901nd_v1_firmware *
CVE-2022-46912

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

Products Affected

Vendor Product Version
tp-link tl-wr841nd_v7_firmware *
tp-link tl-wr841n_firmware *
CVE-2022-46914

An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

Products Affected

Vendor Product Version
tp-link tl-wa801n_firmware *
tp-link tl-wa801nd_v1_firmware *
CVE-2022-48194

TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr902ac_firmware *
CVE-2023-0936 MEDIUM

A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
tp-link archer_c50 v2_160801
CVE-2023-1389

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link archer_ax21_firmware *
CVE-2023-22303

TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Under the certain conditions, an attacker may impersonate an administrator of the product. As a result, information may be obtained and/or the product's settings may be altered with the privilege of the administrator.

Products Affected

Vendor Product Version
tp-link tl-sg105pe_firmware 1.0.0
CVE-2023-23040

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware 6_3.19.1
CVE-2023-2646 MEDIUM

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,NVD-CWE-noinfo,CWE-404,

Products Affected

Vendor Product Version
tp-link archer_c7_firmware 180114
CVE-2023-27078

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-mr3020_firmware 1.0
CVE-2023-27098

TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
tp-link tapo *
CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim.

Products Affected

Vendor Product Version
tp-link tapo_c200_firmware 1.2.2
CVE-2023-27332

TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logging functionality of the tdpServer program, which listens on UDP port 20002. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19898.

Products Affected

Vendor Product Version
tp-link archer_ax21_firmware 1.1.3
CVE-2023-27333

TP-Link Archer AX21 tmpServer Command 0x422 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command 0x422 provided to the tmpServer service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19905.

Products Affected

Vendor Product Version
tp-link archer_ax21_firmware 1.1.3
CVE-2023-27346

TP-Link AX1800 Firmware Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AX1800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of firmware images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19703.

Products Affected

Vendor Product Version
tp-link archer_ax21_firmware 1.1.1
CVE-2023-27359

TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. . Was ZDI-CAN-19664.

Products Affected

Vendor Product Version
tp-link archer_ax21_firmware 1.1.1
CVE-2023-27836

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.

Products Affected

Vendor Product Version
tp-link tl-wpa8630p_firmware 171011
CVE-2023-27837

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.

Products Affected

Vendor Product Version
tp-link tl-wpa8630p_firmware 171011
CVE-2023-28368

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained.

Products Affected

Vendor Product Version
tp-link t2600g-28sq_firmware 20200304
tp-link t2600g-28sq_firmware 20190530
CVE-2023-28478

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.

Products Affected

Vendor Product Version
tp-link ec70_firmware *
CVE-2023-29562

TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.

Products Affected

Vendor Product Version
tp-link tl-wpa7510_firmware 190125
CVE-2023-30383

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

Products Affected

Vendor Product Version
tp-link archer_c20_firmware 150707
tp-link archer_c2_v1_firmware 170228
tp-link archer_c50_firmware 160801
CVE-2023-31188

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link archer_c55_firmware *
tp-link archer_c50_v3_firmware *
CVE-2023-31700

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.

Products Affected

Vendor Product Version
tp-link tl-wpa4530_kit_firmware 161115
tp-link tl-wpa4530_kit_firmware 170406
CVE-2023-31701

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.

Products Affected

Vendor Product Version
tp-link tl-wpa4530_kit_firmware 161115
tp-link tl-wpa4530_kit_firmware 170406
CVE-2023-31710

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.

Products Affected

Vendor Product Version
tp-link archer_ax21_firmware 3_1.1.4
tp-link archer_ax21_firmware 3.6_1.1.4
CVE-2023-31756

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.

Products Affected

Vendor Product Version
tp-link archer_vr1600v_firmware *
CVE-2023-32619

Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link archer_c55_firmware *
tp-link archer_c50_v3_firmware *
CVE-2023-33536

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-33537

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-33538

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-34829

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tp-link tapo *
CVE-2023-34832

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.

Products Affected

Vendor Product Version
tp-link archer_ax10_firmware 230220
CVE-2023-35717

TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon the secrecy of the password derivation algorithm when generating a recovery password. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20484.

Products Affected

Vendor Product Version
tp-link tapo_c210_firmware 1.3.0
CVE-2023-36354

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware -
tp-link tl-wr941nd_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-36355

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware -
CVE-2023-36356

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Products Affected

Vendor Product Version
tp-link tl-wr740n_firmware -
tp-link tl-wr941nd_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-36357

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Products Affected

Vendor Product Version
tp-link tl-wr941nd_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-36358

TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Products Affected

Vendor Product Version
tp-link tl-wr743nd_firmware -
tp-link tl-wr941nd_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-36359

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

Products Affected

Vendor Product Version
tp-link tl-wr941nd_firmware -
tp-link tl-wr841n_firmware -
tp-link tl-wr940n_firmware -
CVE-2023-36489

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
tp-link tl-wr902ac_firmware *
tp-link tl-wr802n_firmware *
CVE-2023-36498

A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-37284

Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link archer_c20_firmware *
CVE-2023-38563

Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link archer_c1200_firmware *
tp-link archer_c9_firmware *
CVE-2023-38568

Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link archer_a10_firmware *
CVE-2023-38588

Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link archer_c3150_firmware *
CVE-2023-38906

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tp-link tapo_l530e_firmware 1.0.0
tp-link tapo 2.8.14
CVE-2023-38907

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
tp-link tapo_l530e_firmware 1.0.0
tp-link tapo 2.8.14
CVE-2023-38908

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tp-link tapo_l530e_firmware 1.0.0
tp-link tapo 2.8.14
CVE-2023-38909

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
tp-link tapo_l530e_firmware 1.0.0
tp-link tapo 2.8.14
CVE-2023-39224

Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link archer_c7_firmware *
CVE-2023-39471

TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware *
tp-link tl-wr841n_firmware *
CVE-2023-39610

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
tp-link tapo_c100_firmware *
CVE-2023-39745

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841n_v8_firmware -
tp-link tl-wr941nd_v5_firmware -
tp-link tl-wr940n_v2_firmware -
CVE-2023-39747

TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr841n_v8_firmware -
tp-link tl-wr941nd_v5_firmware -
tp-link tl-wr940n_v2_firmware -
CVE-2023-39748

An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr1041n_v2_firmware -
CVE-2023-39751

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr941nd_v6_firmware -
CVE-2023-39935

Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link archer_c5400_firmware *
CVE-2023-40193

Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link deco_m4_firmware *
CVE-2023-40357

Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link archer_a10_firmware *
tp-link archer_ax11000_firmware *
tp-link archer_ax10_firmware *
tp-link archer_ax50_firmware *
CVE-2023-40531

Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link archer_ax6000_firmware *
CVE-2023-41184

TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the ActiveCells parameter of the CreateRules and ModifyRules APIs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20589.

Products Affected

Vendor Product Version
tp-link tapo_c210_firmware 1.3.0
CVE-2023-42189

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
yeelight smart_lamp_firmware 1.12.69
orein smart_bulb_firmware -
tp-link smart_plug_firmware -
phillips hue_bridge_firmware 1.59.1959097030
tapo mini_smart_wi-fi_plug_firmware -
nanoleaf lightstrip_firmware 3.5.10
eve eve_door_and_window_firmware -
govee led_strip_firmware 3.00.42
switchbot hub2_firmware 1.0-0.8
CVE-2023-42664

A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-43135

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-er5120g_firmware 2.0.0
CVE-2023-43137

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-er5120g_firmware 2.0.0
CVE-2023-43138

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-er5120g_firmware 2.0.0
CVE-2023-43318

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.

Products Affected

Vendor Product Version
tp-link tl-sg2210p_firmware 5.0
CVE-2023-43482

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-44447

TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529.

Products Affected

Vendor Product Version
tp-link tl-wr902ac_firmware 231025
tp-link tl-wr902ac_firmware 231027
CVE-2023-44448

TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the file libcmm.so. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22262.

Products Affected

Vendor Product Version
tp-link archer_a54_firmware 0.9.1_0.4_v0001.0
CVE-2023-46371

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wdr7660_firmware 2.0.30
CVE-2023-46373

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wdr7660_firmware 2.0.30
CVE-2023-46520

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46521

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46522

TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46523

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46525

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46526

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46527

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46534

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46535

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46536

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46537

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46538

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46539

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr886n_firmware 3.0.14
CVE-2023-46683

A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-47167

A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-47209

A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-47617

A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-47618

A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.3.0
CVE-2023-48724

A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.4 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H 2.2 5.2

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
CVE-2023-49133

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 20220926 of the AC1350 Wireless MU-MIMO Gigabit Access Point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
tp-link eap115_firmware 5.0.4
CVE-2023-49134

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
tp-link eap115_firmware 5.0.4
CVE-2023-49515

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

Products Affected

Vendor Product Version
tp-link tapo_c200_firmware 1.3.9
tp-link tapo_c200_firmware 1.1.22
tp-link tapo_tc70_firmware 1.3.9
tp-link tapo_tc70_firmware 1.1.22
tp-link tapo_c200_firmware 1.3.4
tp-link tapo_tc70_firmware 1.3.4
CVE-2023-49906

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
CVE-2023-49907

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
tp-link eap115_firmware 5.0.4
CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
CVE-2023-49909

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
CVE-2023-49910

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
tp-link eap115_firmware 5.0.4
CVE-2023-49911

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
tp-link eap115_firmware 5.0.4
CVE-2023-49912

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
tp-link eap115_firmware 5.0.4
CVE-2023-49913

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link eap225_firmware 5.1.0
tp-link eap115_firmware 5.0.4
CVE-2023-50224

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware 3.16.9
CVE-2023-50225

TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-21819.

Products Affected

Vendor Product Version
tp-link tl-wr902ac_firmware 0.9.1_0.3_v008a.0
CVE-2024-10523

This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.

Products Affected

Vendor Product Version
tp-link tapo_h100_firmware *
CVE-2024-11237 HIGH

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-119,CWE-121,

Products Affected

Vendor Product Version
tp-link vn020-f3v(t)_firmware tt_v6.2.1021
CVE-2024-1179

TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware *
CVE-2024-1180

TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22227.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware *
CVE-2024-12343 MEDIUM

A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cna@vuldb.com 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-120,

Products Affected

Vendor Product Version
tp-link vn020_f3v_firmware 6.2.1021
CVE-2024-12344 MEDIUM

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-787,

Products Affected

Vendor Product Version
tp-link vn020_f3v_firmware 6.2.1021
CVE-2024-21773

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link deco_xe200_firmware *
tp-link archer_ax3000_firmware *
tp-link archer_ax5400_firmware *
tp-link deco_x50_firmware *
CVE-2024-21821

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link archer_ax3000_firmware *
tp-link archer_ax5400_firmware *
tp-link archer_axe75_firmware *
CVE-2024-21827

A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
talos-cna@cisco.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link er7206_firmware 1.4.1
CVE-2024-21833

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link deco_xe200_firmware *
tp-link archer_ax3000_firmware *
tp-link archer_ax5400_firmware *
tp-link archer_axe75_firmware *
tp-link deco_x50_firmware *
CVE-2024-2188

Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@incibe.es 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 1.8 3.7

Products Affected

Vendor Product Version
tp-link archer_ax50_firmware 1.0.11
CVE-2024-22733

TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker.

Products Affected

Vendor Product Version
tp-link mr200_firmware 210201
CVE-2024-25139

In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware *
CVE-2024-37661

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.

Products Affected

Vendor Product Version
tp-link tl-7dr5130_firmware 1.0.23
CVE-2024-37662

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.

Products Affected

Vendor Product Version
tp-link tl-7dr5130_firmware 1.0.23
CVE-2024-42815

In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Products Affected

Vendor Product Version
tp-link re365_firmware 180213
CVE-2024-46313

TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link wr941nd_firmware -
CVE-2024-46325

TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url.

Products Affected

Vendor Product Version
tp-link wr740n_firmware -
CVE-2024-46340

TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link tl-wr845n_firmware 190219
tp-link tl-wr845n_firmware 200909
tp-link tl-wr845n_firmware 201214
CVE-2024-46341

TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link tl-wr845n_firmware 190219
CVE-2024-46486

TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.

Products Affected

Vendor Product Version
tp-link tl-wdr5620_firmware 2.3
tp-link tl-wdr5620_firmware 2.6.60
CVE-2024-48288

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.

Products Affected

Vendor Product Version
tp-link tl-ipc42c_firmware 20211227_1.0.16
tp-link tl-ipc42c_firmware 4.0_20211227_1.0.16
CVE-2024-48710

In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Products Affected

Vendor Product Version
tp-link tl-wdr7660_firmware 1.0
CVE-2024-48712

In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Products Affected

Vendor Product Version
tp-link tl-wdr7660_firmware 1.0
CVE-2024-48713

In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Products Affected

Vendor Product Version
tp-link tl-wdr7660_firmware 1.0
CVE-2024-48714

In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities.

Products Affected

Vendor Product Version
tp-link tl-wdr7660_firmware 1.0
CVE-2024-50699

TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link tl-wr845n_firmware 190219
tp-link tl-wr845n_firmware 200909
tp-link tl-wr845n_firmware 201214
CVE-2024-5227

TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication. The specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware 2.2.2
CVE-2024-5228

TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware 2.2.2
CVE-2024-5242

TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware 2.2.2
CVE-2024-5243

TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware 2.2.2
CVE-2024-5244

TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439.

Products Affected

Vendor Product Version
tp-link omada_er605_firmware 2.2.2
CVE-2024-54887

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware *
CVE-2024-57049

A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the request, it will be recognized as passing the authentication. NOTE: this is disputed by the Supplier because the response to the API call is only "non-sensitive UI initialization variables."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link archer_c20_firmware 6.6_230412
CVE-2024-57357

An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
tp-link tl-wpa8630_firmware 2.0.4
CVE-2024-9284 MEDIUM

A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-121,

Products Affected

Vendor Product Version
tp-link tl-wr841nd_firmware -
CVE-2025-0730 LOW

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 2.2 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-598,

Products Affected

Vendor Product Version
tp-link tl-sg108e_firmware 1.0.0
CVE-2025-13399

A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data.

Products Affected

Vendor Product Version
tp-link vx800v_firmware *
CVE-2025-14175

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality.

Products Affected

Vendor Product Version
tp-link tl-wr820n_firmware *
CVE-2025-14299

The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).

Products Affected

Vendor Product Version
tp-link tapo_c200_firmware 1.3.7
tp-link tapo_c200_firmware 1.4.1
tp-link tapo_c200_firmware 1.4.4
tp-link tapo_c200_firmware 1.3.3
tp-link tapo_c200_firmware 1.3.5
tp-link tapo_c200_firmware 1.3.4
tp-link tapo_c200_firmware 1.3.11
tp-link tapo_c200_firmware 1.3.15
tp-link tapo_c200_firmware 1.3.9
tp-link tapo_c200_firmware 1.3.14
tp-link tapo_c200_firmware 1.3.13
tp-link tapo_c200_firmware 1.4.2
CVE-2025-14300

The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).

Products Affected

Vendor Product Version
tp-link tapo_c200_firmware 1.3.7
tp-link tapo_c200_firmware 1.4.1
tp-link tapo_c200_firmware 1.4.4
tp-link tapo_c200_firmware 1.3.3
tp-link tapo_c200_firmware 1.3.5
tp-link tapo_c200_firmware 1.3.4
tp-link tapo_c200_firmware 1.3.11
tp-link tapo_c200_firmware 1.3.15
tp-link tapo_c200_firmware 1.3.9
tp-link tapo_c200_firmware 1.3.14
tp-link tapo_c200_firmware 1.3.13
tp-link tapo_c200_firmware 1.4.2
CVE-2025-14631

A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows  an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.

Products Affected

Vendor Product Version
tp-link archer_be400_firmware *
CVE-2025-14737

Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

Products Affected

Vendor Product Version
tp-link tl-wa850re_firmware *
CVE-2025-14738

Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.

Products Affected

Vendor Product Version
tp-link tl-wa850re_firmware *
CVE-2025-15517

A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations.

Products Affected

Vendor Product Version
tp-link archer_nx600_firmware *
tp-link archer_nx210_firmware *
tp-link archer_nx200_firmware *
tp-link archer_nx500_firmware *
CVE-2025-15518

Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.

Products Affected

Vendor Product Version
tp-link archer_nx600_firmware *
tp-link archer_nx210_firmware *
tp-link archer_nx200_firmware *
tp-link archer_nx500_firmware *
CVE-2025-15519

Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device.

Products Affected

Vendor Product Version
tp-link archer_nx600_firmware *
tp-link archer_nx210_firmware *
tp-link archer_nx200_firmware *
tp-link archer_nx500_firmware *
CVE-2025-15541

Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.

Products Affected

Vendor Product Version
tp-link vx800v_firmware *
CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls.

Products Affected

Vendor Product Version
tp-link vx800v_firmware *
CVE-2025-15543

Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only access to system files.

Products Affected

Vendor Product Version
tp-link vx800v_firmware *
CVE-2025-15545

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability.

Products Affected

Vendor Product Version
tp-link archer_re605x_firmware *
CVE-2025-15548

Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality.

Products Affected

Vendor Product Version
tp-link vx800v_firmware *
CVE-2025-15551

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Products Affected

Vendor Product Version
tp-link tl-wr850n_firmware *
tp-link archer_mr200_firmware *
tp-link archer_c20_firmware *
tp-link tl-wr845n_firmware *
CVE-2025-15557

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications.  This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.

Products Affected

Vendor Product Version
tp-link tapo_p100_firmware *
tp-link tapo_h100_firmware *
CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.

Products Affected

Vendor Product Version
tp-link archer_nx600_firmware *
tp-link archer_nx210_firmware *
tp-link archer_nx200_firmware *
tp-link archer_nx500_firmware *
CVE-2025-15606

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.

Products Affected

Vendor Product Version
tp-link td-w8961nd_firmware *
CVE-2025-15607

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-15608

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-25427

A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
tp-link wr841n_firmware *
CVE-2025-25899

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 3.5 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
tp-link tl-wr841nd_v11_firmware -
CVE-2025-25900

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841nd_v11_firmware -
CVE-2025-25901

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841nd_firmware -
CVE-2025-53711

A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2025-53712

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2025-53713

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2025-53714

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2025-53715

A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2025-58077

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-58455

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-5875 HIGH

A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,CWE-120,CWE-120,

Products Affected

Vendor Product Version
tp-link tl-ipc544ep-w4_firmware 1.0.9
CVE-2025-59482

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-59487

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-6151

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Products Affected

Vendor Product Version
tp-link tl-wr940n_firmware -
CVE-2025-61944

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-61983

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-62404

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-62405

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-62501

SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-62673

Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.

Products Affected

Vendor Product Version
tp-link archer_ax53_firmware 1.0
CVE-2025-6541

An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link g611_firmware *
tp-link er706w_firmware 1.2.1
tp-link er7412-m2_firmware *
tp-link er605_firmware *
tp-link fr307-m2_firmware *
tp-link fr205_firmware *
tp-link fr307-m2_firmware 1.2.5
tp-link er7412-m2_firmware 1.1.0
tp-link er7212pc_firmware *
tp-link er707-m2_firmware *
tp-link er8411_firmware *
tp-link g36_firmware *
tp-link fr365_firmware 1.1.10
tp-link er7212pc_firmware 2.1.3
tp-link fr205_firmware 1.0.3
tp-link fr365_firmware *
tp-link er707-m2_firmware 1.3.1
tp-link g611_firmware 1.2.2
tp-link g36_firmware 1.1.4
tp-link er706w-4g_firmware 1.2.1
tp-link er7206_firmware *
tp-link er7206_firmware 2.2.2
tp-link er706w_firmware *
tp-link er706w-4g_firmware *
tp-link er605_firmware 2.3.1
tp-link er8411_firmware 1.3.3
CVE-2025-6542

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link g611_firmware *
tp-link er706w_firmware 1.2.1
tp-link er7412-m2_firmware *
tp-link er605_firmware *
tp-link fr307-m2_firmware *
tp-link fr205_firmware *
tp-link fr307-m2_firmware 1.2.5
tp-link er7412-m2_firmware 1.1.0
tp-link er7212pc_firmware *
tp-link er707-m2_firmware *
tp-link er8411_firmware *
tp-link g36_firmware *
tp-link fr365_firmware 1.1.10
tp-link er7212pc_firmware 2.1.3
tp-link fr205_firmware 1.0.3
tp-link fr365_firmware *
tp-link er707-m2_firmware 1.3.1
tp-link g611_firmware 1.2.2
tp-link g36_firmware 1.1.4
tp-link er706w-4g_firmware 1.2.1
tp-link er7206_firmware *
tp-link er7206_firmware 2.2.2
tp-link er706w_firmware *
tp-link er706w-4g_firmware *
tp-link er605_firmware 2.3.1
tp-link er8411_firmware 1.3.3
CVE-2025-7375

A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.

Products Affected

Vendor Product Version
tp-link omada_eap610_firmware *
CVE-2025-7850

A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link g611_firmware *
tp-link er706w_firmware 1.2.1
tp-link er7412-m2_firmware *
tp-link er605_firmware *
tp-link fr307-m2_firmware *
tp-link fr205_firmware *
tp-link fr307-m2_firmware 1.2.5
tp-link er7412-m2_firmware 1.1.0
tp-link er7212pc_firmware *
tp-link er707-m2_firmware *
tp-link er8411_firmware *
tp-link g36_firmware *
tp-link fr365_firmware 1.1.10
tp-link er7212pc_firmware 2.1.3
tp-link fr205_firmware 1.0.3
tp-link fr365_firmware *
tp-link er707-m2_firmware 1.3.1
tp-link g611_firmware 1.2.2
tp-link g36_firmware 1.1.4
tp-link er706w-4g_firmware 1.2.1
tp-link er7206_firmware *
tp-link er7206_firmware 2.2.2
tp-link er706w_firmware *
tp-link er706w-4g_firmware *
tp-link er605_firmware 2.3.1
tp-link er8411_firmware 1.3.3
CVE-2025-7851

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
tp-link g611_firmware *
tp-link er706w_firmware 1.2.1
tp-link er7412-m2_firmware *
tp-link er605_firmware *
tp-link fr307-m2_firmware *
tp-link fr205_firmware *
tp-link fr307-m2_firmware 1.2.5
tp-link er7412-m2_firmware 1.1.0
tp-link er7212pc_firmware *
tp-link er707-m2_firmware *
tp-link er8411_firmware *
tp-link g36_firmware *
tp-link fr365_firmware 1.1.10
tp-link er7212pc_firmware 2.1.3
tp-link fr205_firmware 1.0.3
tp-link fr365_firmware *
tp-link er707-m2_firmware 1.3.1
tp-link g611_firmware 1.2.2
tp-link g36_firmware 1.1.4
tp-link er706w-4g_firmware 1.2.1
tp-link er7206_firmware *
tp-link er7206_firmware 2.2.2
tp-link er706w_firmware *
tp-link er706w-4g_firmware *
tp-link er605_firmware 2.3.1
tp-link er8411_firmware 1.3.3
CVE-2025-8065

A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated privileges, leading to full compromise of the device.

Products Affected

Vendor Product Version
tp-link tapo_c200_firmware 1.3.7
tp-link tapo_c200_firmware 1.4.1
tp-link tapo_c200_firmware 1.4.4
tp-link tapo_c200_firmware 1.3.3
tp-link tapo_c200_firmware 1.3.5
tp-link tapo_c200_firmware 1.3.4
tp-link tapo_c200_firmware 1.3.11
tp-link tapo_c200_firmware 1.3.15
tp-link tapo_c200_firmware 1.3.9
tp-link tapo_c200_firmware 1.3.14
tp-link tapo_c200_firmware 1.3.13
tp-link tapo_c200_firmware 1.4.2
CVE-2025-8627

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
tp-link kp303_firmware *
CVE-2025-9014

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation.  A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908.

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2025-9289

A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality.

Products Affected

Vendor Product Version
tp-link oc220_firmware *
tp-link omada_controller *
tp-link oc300_firmware *
tp-link oc400_firmware *
tp-link oc200_firmware *
CVE-2025-9290

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality.

Products Affected

Vendor Product Version
tp-link dr3650v_firmware *
tp-link eap610_firmware *
tp-link er701-5g-outdoor_firmware *
tp-link er605_firmware *
tp-link eap610gp-desktop_firmware *
tp-link eap653_ur_firmware *
tp-link eap603gp-desktop_firmware *
tp-link eap625-outdoor_hd_firmware *
tp-link er605w_firmware *
tp-link eap725-wall_firmware *
tp-link eap620_hd_firmware *
tp-link eap783_firmware *
tp-link er7212pc_firmware *
tp-link eap772_firmware *
tp-link er707-m2_firmware *
tp-link eap615-wall_firmware *
tp-link eap650-outdoor_firmware *
tp-link eap610-outdoor_firmware *
tp-link er703wp-4g-outdoor_firmware *
tp-link dr3220v-4g_firmware *
tp-link eap603-outdoor_firmware *
tp-link eap770_firmware *
tp-link eap625gp-wall_firmware *
tp-link eap787_firmware *
tp-link eap772-outdoor_firmware *
tp-link er7206_firmware *
tp-link eap623-outdoor_hd_firmware *
tp-link eap615gp-wall_firmware *
tp-link eap720_firmware *
tp-link oc220_firmware *
tp-link er7406_firmware *
tp-link er7412-m2_firmware *
tp-link omada_controller *
tp-link oc300_firmware *
tp-link er706wp-4g_firmware *
tp-link eap653_firmware *
tp-link oc200_firmware *
tp-link oc220_firmware -
tp-link eap773_firmware *
tp-link eap650gp-desktop_firmware *
tp-link eap100-bridge_kit_firmware *
tp-link oc400_firmware *
tp-link g36w-4g_firmware *
tp-link er8411_firmware *
tp-link beam_bridge_5_ur_firmware *
tp-link fr365_firmware *
tp-link eap723_firmware *
tp-link eap211_bridge_kit_firmware *
tp-link dr3650v-4g_firmware *
tp-link eap655-wall_firmware *
tp-link eap650-desktop_firmware *
tp-link eap660_hd_firmware *
tp-link eap230-wall_firmware *
tp-link er706w_firmware *
tp-link er706w-4g_firmware *
tp-link eap235-wall_firmware *
tp-link eap215_bridge_kit_firmware *
CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required.

Products Affected

Vendor Product Version
tp-link tpcamera *
tp-link festa *
tp-link tp-partner *
tp-link aginet *
tp-link deco *
tp-link vigi *
tp-link omada *
tp-link kasa *
tp-link kidshield *
tp-link tapo *
tp-link tether *
tp-link wi-fi_navi *
tp-link wifi_toolkit *
tp-link omada_guard *
CVE-2025-9293

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

Products Affected

Vendor Product Version
tp-link tpcamera *
tp-link festa *
tp-link tp-partner *
tp-link aginet *
tp-link deco *
tp-link vigi *
tp-link omada *
tp-link kasa *
tp-link kidshield *
tp-link tapo *
tp-link tether *
tp-link wi-fi_navi *
tp-link wifi_toolkit *
tp-link omada_guard *
CVE-2025-9377

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
tp-link archer_c7_firmware *
tp-link tl-wr841nd_firmware *
tp-link tl-wr841n_firmware *
CVE-2025-9520

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.

Products Affected

Vendor Product Version
tp-link omada_controller *
CVE-2025-9521

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security.

Products Affected

Vendor Product Version
tp-link omada_controller *
CVE-2025-9522

Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.

Products Affected

Vendor Product Version
tp-link omada_controller *
CVE-2026-0630

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 < 1.5.3 Build 20260209 rel. 71108.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-0631

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-0651

A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker can exploit this logic flaw by supplying crafted, URL encoded traversal sequences that bypass directory restrictions and allow access to files outside the intended web root. Successful exploitation may allow authenticated attackers to get disclosure of sensitive system files and credentials, while unauthenticated attackers may gain access to non-sensitive static assets.

Products Affected

Vendor Product Version
tp-link tapo_c260_firmware *
CVE-2026-0652

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise.

Products Affected

Vendor Product Version
tp-link tapo_c260_firmware *
CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution.

Products Affected

Vendor Product Version
tp-link tapo_c260_firmware *
CVE-2026-0654

Improper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availability of the device. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.

Products Affected

Vendor Product Version
tp-link deco_be25_firmware *
CVE-2026-0655

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service.  This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822.

Products Affected

Vendor Product Version
tp-link deco_be25_firmware *
CVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031, Archer C20 v5 <EU_V5_260317 or < US_V5_260419 Archer AX53 v1.0 < V1_251215 TL-WR841N v13 < 0.9.1 Build 20231120 Rel.62366

Products Affected

Vendor Product Version
tp-link archer_c20_firmware 6.0
tp-link archer_ax53_firmware 1.0
CVE-2026-0918

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable.

Products Affected

Vendor Product Version
tp-link tapo_c220_firmware *
tp-link tapo_c520ws_firmware *
CVE-2026-0919

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service.

Products Affected

Vendor Product Version
tp-link tapo_c220_firmware *
tp-link tapo_c520ws_firmware *
CVE-2026-1315

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation.

Products Affected

Vendor Product Version
tp-link tapo_c220_firmware *
tp-link tapo_c520ws_firmware *
CVE-2026-1457

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges.

Products Affected

Vendor Product Version
tp-link vigi_c385_firmware *
CVE-2026-1571

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted.

Products Affected

Vendor Product Version
tp-link archer_c60_firmware *
CVE-2026-22220

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22221

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22222

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22223

An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22224

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2  and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 < 1.5.3 Build 20260209 rel. 71108.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22227

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22228

An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-22229

A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Deco BE25 v1.0: through 1.1.1 Build 20250822.

Products Affected

Vendor Product Version
tp-link archer_be230_firmware *
CVE-2026-3227

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
tp-link tl-wr840n_firmware *
tp-link tl-wr841n_firmware *
tp-link tl-wr802n_firmware *
CVE-2026-34118

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.

Products Affected

Vendor Product Version
tp-link tapo_c520ws_firmware *
CVE-2026-34119

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input.  An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.

Products Affected

Vendor Product Version
tp-link tapo_c520ws_firmware *
CVE-2026-34120

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries.  Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive.

Products Affected

Vendor Product Version
tp-link tapo_c520ws_firmware *
CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an authentication-exempt action to a request containing privileged DS do actions, bypassing authorization checks. Successful exploitation allows unauthenticated execution of restricted configuration actions, which may result in unauthorized modification of device state.

Products Affected

Vendor Product Version
tp-link tapo_c520ws_firmware *
CVE-2026-34122

A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability.

Products Affected

Vendor Product Version
tp-link tapo_c520ws_firmware *
CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot.

Products Affected

Vendor Product Version
tp-link tapo_c520ws_firmware *
CVE-2026-3622

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition.  This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304).

Products Affected

Vendor Product Version
tp-link tl-wr841n_firmware *
CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.

Products Affected

Vendor Product Version
tp-link tl-wr850n_firmware *