Filtered by vendor Tp-link
Subscriptions
Total
368 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-36489 | 1 Tp-link | 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.8 High |
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | ||||
CVE-2023-36359 | 1 Tp-link | 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more | 2024-11-21 | 7.5 High |
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | ||||
CVE-2023-36358 | 1 Tp-link | 8 Tl-wr743nd, Tl-wr743nd Firmware, Tl-wr841n and 5 more | 2024-11-21 | 7.7 High |
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | ||||
CVE-2023-34832 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2024-11-21 | 9.8 Critical |
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. | ||||
CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-11-21 | 6.5 Medium |
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | ||||
CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.8 High |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . | ||||
CVE-2023-33537 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.1 High |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. | ||||
CVE-2023-33536 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.1 High |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. | ||||
CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-11-21 | 8.8 High |
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | ||||
CVE-2023-31756 | 1 Tp-link | 2 Archer Vr1600v, Archer Vr1600v Firmware | 2024-11-21 | 6.7 Medium |
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. | ||||
CVE-2023-31710 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2024-11-21 | 9.8 Critical |
TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. | ||||
CVE-2023-31701 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2024-11-21 | 8.8 High |
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. | ||||
CVE-2023-31700 | 1 Tp-link | 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware | 2024-11-21 | 8.8 High |
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. | ||||
CVE-2023-31188 | 1 Tp-link | 5 Archer C20 Firmware, Archer C50 V3, Archer C50 V3 Firmware and 2 more | 2024-11-21 | 8 High |
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. | ||||
CVE-2023-30383 | 1 Tp-link | 7 Archer C2, Archer C20, Archer C20 Firmware and 4 more | 2024-11-21 | 7.5 High |
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. | ||||
CVE-2023-2646 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2024-11-21 | 4.5 Medium |
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-29562 | 1 Tp-link | 2 Tl-wpa7510, Tl-wpa7510 Firmware | 2024-11-21 | 9.8 Critical |
TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. | ||||
CVE-2023-28478 | 1 Tp-link | 2 Ec70, Ec70 Firmware | 2024-11-21 | 8.8 High |
TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. | ||||
CVE-2023-28368 | 1 Tp-link | 2 T2600g-28sq, T2600g-28sq Firmware | 2024-11-21 | 5.7 Medium |
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained. | ||||
CVE-2023-27837 | 1 Tp-link | 2 Tl-wpa8630p, Tl-wpa8630p Firmware | 2024-11-21 | 9.8 Critical |
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. |