Filtered by vendor Tp-link
Subscriptions
Total
364 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44623 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-08-04 | 9.8 Critical |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface. | ||||
| CVE-2021-44631 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-08-04 | 9.8 Critical |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request. | ||||
| CVE-2021-44622 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-08-04 | 9.8 Critical |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request. | ||||
| CVE-2021-44628 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-08-04 | 9.8 Critical |
| A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | ||||
| CVE-2021-44629 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-08-04 | 9.8 Critical |
| A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | ||||
| CVE-2021-44625 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-08-04 | 9.8 Critical |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request. | ||||
| CVE-2021-44630 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-08-04 | 9.8 Critical |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | ||||
| CVE-2021-44032 | 1 Tp-link | 1 Omada Software Controller | 2024-08-04 | 7.5 High |
| TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. An attacker can bypass the captive portal authentication process by using the downgraded "no authentication" method, and access the protected network. For example, the attacker can simply set window.authType=0 in client-side JavaScript. | ||||
| CVE-2021-42232 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-08-04 | 9.8 Critical |
| TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router. | ||||
| CVE-2021-41653 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-08-04 | 9.8 Critical |
| The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | ||||
| CVE-2021-41450 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2024-08-04 | 7.5 High |
| An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | ||||
| CVE-2021-41451 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2024-08-04 | 7.5 High |
| A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. | ||||
| CVE-2021-40288 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2024-08-04 | 7.5 High |
| A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames | ||||
| CVE-2021-38543 | 1 Tp-link | 2 Ue330, Ue330 Firmware | 2024-08-04 | 5.9 Medium |
| TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. We assume that the USB splitter supplies power to some speakers. The power indicator LED of the USB splitter is connected directly to the power line, as a result, the intensity of the USB splitter's power indicator LED is correlative to its power consumption. The sound played by the connected speakers affects the USB splitter's power consumption and as a result is also correlative to the light intensity of the LED. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LED of the USB splitter, we can recover the sound played by the connected speakers. | ||||
| CVE-2021-37774 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2024-08-04 | 8.0 High |
| An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code. | ||||
| CVE-2021-35003 | 1 Tp-link | 2 Archer C90, Archer C90 Firmware | 2024-08-04 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655. | ||||
| CVE-2021-35004 | 1 Tp-link | 2 Tl-wa1201, Tl-wa1201 Firmware | 2024-08-04 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656. | ||||
| CVE-2021-31658 | 1 Tp-link | 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more | 2024-08-03 | 8.1 High |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. | ||||
| CVE-2021-31659 | 1 Tp-link | 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more | 2024-08-03 | 8.8 High |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. | ||||
| CVE-2021-29302 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-08-03 | 8.1 High |
| TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. | ||||