Filtered by vendor Tp-link
Subscriptions
Total
364 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29280 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-08-03 | 6.4 Medium |
| In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | ||||
| CVE-2021-28858 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-08-03 | 5.5 Medium |
| TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the local network can monitor traffic and capture the cookie and other sensitive information. | ||||
| CVE-2021-28857 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-08-03 | 7.5 High |
| TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | ||||
| CVE-2021-27245 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-08-03 | 8.1 High |
| This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309. | ||||
| CVE-2021-27246 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-08-03 | 8.0 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of MAC addresses by the tdpServer endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-12306. | ||||
| CVE-2021-27210 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2024-08-03 | 6.5 Medium |
| TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | ||||
| CVE-2021-27209 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2024-08-03 | 7.1 High |
| In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. | ||||
| CVE-2021-26827 | 1 Tp-link | 2 Tl-wr2041\+, Tl-wr2041\+ Firmware | 2024-08-03 | 7.5 High |
| Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router. | ||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-08-03 | 8.8 High |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | ||||
| CVE-2021-3275 | 1 Tp-link | 10 Archer-c3150, Archer-c3150 Firmware, Td-w9977 and 7 more | 2024-08-03 | 6.1 Medium |
| Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. | ||||
| CVE-2021-3125 | 1 Tp-link | 12 Tl-xdr1850, Tl-xdr1850 Firmware, Tl-xdr1860 and 9 more | 2024-08-03 | 7.5 High |
| In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | ||||
| CVE-2022-48194 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2024-08-03 | 8.8 High |
| TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) by uploading a crafted firmware update because the signature check is inadequate. | ||||
| CVE-2022-46914 | 1 Tp-link | 4 Tl-wa801n, Tl-wa801n Firmware, Tl-wa801nd V1 and 1 more | 2024-08-03 | 8.8 High |
| An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | ||||
| CVE-2022-46912 | 1 Tp-link | 4 Tl-wr841n, Tl-wr841n Firmware, Tl-wr841nd V7 and 1 more | 2024-08-03 | 8.8 High |
| An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | ||||
| CVE-2022-46910 | 1 Tp-link | 6 Tl-wa901n, Tl-wa901n Firmware, Tl-wa901nd V1 and 3 more | 2024-08-03 | 8.8 High |
| An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | ||||
| CVE-2022-46428 | 1 Tp-link | 2 Tl-wr1043nd V1, Tl-wr1043nd V1 Firmware | 2024-08-03 | 4.8 Medium |
| TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | ||||
| CVE-2022-46432 | 1 Tp-link | 2 Tl-wr743nd V1, Tl-wr743nd V1 Firmware | 2024-08-03 | 7.5 High |
| An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier. | ||||
| CVE-2022-46430 | 1 Tp-link | 8 Tl-wr740n V1, Tl-wr740n V1 Firmware, Tl-wr740n V2 and 5 more | 2024-08-03 | 4.8 Medium |
| TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | ||||
| CVE-2022-46435 | 1 Tp-link | 6 Tl-wr941nd V2, Tl-wr941nd V2 Firmware, Tl-wr941nd V3 and 3 more | 2024-08-03 | 8.8 High |
| An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | ||||
| CVE-2022-46434 | 1 Tp-link | 2 Tl-wa7510n V1, Tl-wa7510n V1 Firmware | 2024-08-03 | 7.5 High |
| An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12.6 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | ||||