Filtered by vendor Tp-link
Subscribe
Total
507 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-30814 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-04-14 | N/A | 8.0 HIGH |
| A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. | |||||
| CVE-2026-3227 | 1 Tp-link | 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr840n and 3 more | 2026-04-07 | N/A | 6.8 MEDIUM |
| A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise. | |||||
| CVE-2026-34118 | 1 Tp-link | 2 Tapo C520ws, Tapo C520ws Firmware | 2026-04-06 | N/A | 6.5 MEDIUM |
| A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive. | |||||
| CVE-2026-34119 | 1 Tp-link | 2 Tapo C520ws, Tapo C520ws Firmware | 2026-04-06 | N/A | 6.5 MEDIUM |
| A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive. | |||||
| CVE-2026-34120 | 1 Tp-link | 2 Tapo C520ws, Tapo C520ws Firmware | 2026-04-06 | N/A | 6.5 MEDIUM |
| A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive. | |||||
| CVE-2026-34121 | 1 Tp-link | 2 Tapo C520ws, Tapo C520ws Firmware | 2026-04-06 | N/A | 8.8 HIGH |
| An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an authentication-exempt action to a request containing privileged DS do actions, bypassing authorization checks. Successful exploitation allows unauthenticated execution of restricted configuration actions, which may result in unauthorized modification of device state. | |||||
| CVE-2026-34122 | 1 Tp-link | 2 Tapo C520ws, Tapo C520ws Firmware | 2026-04-06 | N/A | 6.5 MEDIUM |
| A stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability. | |||||
| CVE-2026-34124 | 1 Tp-link | 2 Tapo C520ws, Tapo C520ws Firmware | 2026-04-06 | N/A | 6.5 MEDIUM |
| A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot. | |||||
| CVE-2025-14300 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2026-04-03 | N/A | 8.1 HIGH |
| The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS). | |||||
| CVE-2025-8065 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2026-04-03 | N/A | 6.5 MEDIUM |
| A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a fixed-size stack buffer. It allowed a crafted SOAP request with an oversized namespace prefix to cause memory corruption in stack. An unauthenticated attacker on the same local network may exploit this flaw to enable remote code execution with elevated privileges, leading to full compromise of the device. | |||||
| CVE-2025-15608 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-04-02 | N/A | 9.8 CRITICAL |
| This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device. | |||||
| CVE-2025-15607 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-04-02 | N/A | 9.8 CRITICAL |
| A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device. | |||||
| CVE-2026-0651 | 1 Tp-link | 2 Tapo C260, Tapo C260 Firmware | 2026-04-02 | N/A | 7.8 HIGH |
| A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker can exploit this logic flaw by supplying crafted, URL encoded traversal sequences that bypass directory restrictions and allow access to files outside the intended web root. Successful exploitation may allow authenticated attackers to get disclosure of sensitive system files and credentials, while unauthenticated attackers may gain access to non-sensitive static assets. | |||||
| CVE-2026-1668 | 1 Tp-link | 78 Omada Sg2005p-pd, Omada Sg2005p-pd Firmware, Omada Sg2008 and 75 more | 2026-04-02 | N/A | 9.8 CRITICAL |
| The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service. | |||||
| CVE-2026-3841 | 1 Tp-link | 2 Tl-mr6400, Tl-mr6400 Firmware | 2026-04-02 | N/A | 8.8 HIGH |
| A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability. | |||||
| CVE-2025-9292 | 1 Tp-link | 14 Aginet, Deco, Festa and 11 more | 2026-04-01 | N/A | 7.5 HIGH |
| A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TP‑Link. No user action is required. | |||||
| CVE-2025-9293 | 1 Tp-link | 14 Aginet, Deco, Festa and 11 more | 2026-04-01 | N/A | 8.1 HIGH |
| A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. | |||||
| CVE-2026-4346 | 1 Tp-link | 2 Tl-wr850n, Tl-wr850n Firmware | 2026-03-31 | N/A | 6.8 MEDIUM |
| The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router’s management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network. | |||||
| CVE-2026-3622 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-03-31 | N/A | 7.5 HIGH |
| The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304). | |||||
| CVE-2025-15517 | 1 Tp-link | 8 Archer Nx200, Archer Nx200 Firmware, Archer Nx210 and 5 more | 2026-03-31 | N/A | 8.1 HIGH |
| A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations. | |||||