Filtered by vendor Tp-link
Subscribe
Total
509 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3622 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-03-31 | N/A | 7.5 HIGH |
| The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304). | |||||
| CVE-2025-15517 | 1 Tp-link | 8 Archer Nx200, Archer Nx200 Firmware, Archer Nx210 and 5 more | 2026-03-31 | N/A | 8.1 HIGH |
| A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations. | |||||
| CVE-2025-15518 | 1 Tp-link | 8 Archer Nx200, Archer Nx200 Firmware, Archer Nx210 and 5 more | 2026-03-31 | N/A | 7.2 HIGH |
| Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device. | |||||
| CVE-2025-15519 | 1 Tp-link | 8 Archer Nx200, Archer Nx200 Firmware, Archer Nx210 and 5 more | 2026-03-31 | N/A | 7.2 HIGH |
| Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device. | |||||
| CVE-2025-15605 | 1 Tp-link | 8 Archer Nx200, Archer Nx200 Firmware, Archer Nx210 and 5 more | 2026-03-31 | N/A | 7.3 HIGH |
| A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data. | |||||
| CVE-2025-15606 | 1 Tp-link | 2 Td-w8961n, Td-w8961nd Firmware | 2026-03-31 | N/A | 7.5 HIGH |
| A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition. | |||||
| CVE-2026-22225 | 1 Tp-link | 2 Archer Be230, Archer Be230 Firmware | 2026-03-19 | N/A | 7.2 HIGH |
| A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 < 1.5.3 Build 20260209 rel. 71108. | |||||
| CVE-2026-0630 | 1 Tp-link | 2 Archer Be230, Archer Be230 Firmware | 2026-03-19 | N/A | 8.0 HIGH |
| An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer AXE v1.0 < 1.5.3 Build 20260209 rel. 71108. | |||||
| CVE-2025-53711 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-03-19 | N/A | 7.5 HIGH |
| A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-62673 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-62501 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.1 HIGH |
| SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-62405 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-62404 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-61983 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-61944 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-59487 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-59482 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-58455 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-58077 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-03-16 | N/A | 8.0 HIGH |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | |||||
| CVE-2025-9290 | 1 Tp-link | 111 Beam Bridge 5 Ur, Beam Bridge 5 Ur Firmware, Dr3220v-4g and 108 more | 2026-03-16 | N/A | 5.9 MEDIUM |
| An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication through offline precomputation, potentially exposing sensitive information and compromising confidentiality. | |||||