Filtered by vendor Tp-link
Subscribe
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50224 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2025-10-27 | N/A | 6.5 MEDIUM |
| TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899. | |||||
| CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-10-27 | N/A | 8.8 HIGH |
| TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | |||||
| CVE-2025-7851 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 9.8 CRITICAL |
| An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways. | |||||
| CVE-2025-7850 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 7.2 HIGH |
| A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways. | |||||
| CVE-2025-6542 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 9.8 CRITICAL |
| An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. | |||||
| CVE-2025-6541 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 8.8 HIGH |
| An arbitrary OS command may be executed on the product by the user who can log in to the web management interface. | |||||
| CVE-2023-1389 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2025-10-22 | N/A | 8.8 HIGH |
| TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | |||||
| CVE-2020-24363 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2025-10-22 | 8.3 HIGH | 8.8 HIGH |
| TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. | |||||
| CVE-2015-3035 | 1 Tp-link | 26 Archer C5 \(1.2\), Archer C5 \(1.2\) Firmware, Archer C7 \(2.0\) and 23 more | 2025-10-22 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||||
| CVE-2025-9377 | 1 Tp-link | 6 Archer C7, Archer C7 Firmware, Tl-wr841n and 3 more | 2025-10-21 | N/A | 7.2 HIGH |
| The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108. Both products have reached the status of EOL (end-of-life). It's recommending to purchase the new product to ensure better performance and security. If replacement is not an option in the short term, please use the second reference link to download and install the patch(es). | |||||
| CVE-2024-25139 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2025-09-18 | N/A | 10.0 CRITICAL |
| In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119. | |||||
| CVE-2025-8627 | 1 Tp-link | 2 Kp303, Kp303 Firmware | 2025-09-15 | N/A | 8.8 HIGH |
| The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0. | |||||
| CVE-2024-21827 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-09-05 | N/A | 7.2 HIGH |
| A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2023-44447 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2025-09-04 | N/A | 6.5 MEDIUM |
| TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-21529. | |||||
| CVE-2023-49913 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-08-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | |||||
| CVE-2023-49912 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-08-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | |||||
| CVE-2023-49911 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-08-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | |||||
| CVE-2023-49910 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-08-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped with v5.0.4 Build 20220216 of the EAP115. | |||||
| CVE-2023-49909 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-08-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | |||||
| CVE-2023-49908 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-08-21 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary shipped with v5.1.0 Build 20220926 of the EAP225. | |||||