Filtered by vendor Tp-link
Subscriptions
Total
354 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50224 | 1 Tp-link | 1 Tl-wr841n Firmware | 2024-09-18 | N/A |
| TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899. | ||||
| CVE-2023-41184 | 1 Tp-link | 1 C210 | 2024-09-18 | N/A |
| TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the ActiveCells parameter of the CreateRules and ModifyRules APIs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20589. | ||||
| CVE-2023-27359 | 1 Tp-link | 1 Ax1800 | 2024-09-18 | N/A |
| TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hotplugd daemon. The issue results from firewall rule handling that allows an attacker access to resources that should be available to the LAN interface only. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the root user. . Was ZDI-CAN-19664. | ||||
| CVE-2023-27332 | 1 Tp-link | 1 Archer Ax21 Firmware | 2024-09-18 | N/A |
| TP-Link Archer AX21 tdpServer Logging Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logging functionality of the tdpServer program, which listens on UDP port 20002. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-19898. | ||||
| CVE-2018-3948 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-09-17 | 7.5 High |
| An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. | ||||
| CVE-2018-3950 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-09-17 | 8.8 High |
| An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2018-17011 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. | ||||
| CVE-2013-2580 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2024-09-17 | N/A |
| Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory. | ||||
| CVE-2018-17004 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name. | ||||
| CVE-2019-6487 | 1 Tp-link | 10 Tl-wdr3500, Tl-wdr3500 Firmware, Tl-wdr3600 and 7 more | 2024-09-17 | N/A |
| TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field. | ||||
| CVE-2018-12693 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-09-17 | N/A |
| Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | ||||
| CVE-2018-17008 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g power. | ||||
| CVE-2021-4045 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2024-09-17 | 9.8 Critical |
| TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. | ||||
| CVE-2018-17012 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit. | ||||
| CVE-2018-17017 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable. | ||||
| CVE-2018-17015 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. | ||||
| CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2024-09-17 | N/A |
| TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | ||||
| CVE-2018-17006 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. | ||||
| CVE-2018-17018 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. | ||||
| CVE-2018-3951 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-09-17 | 7.2 High |
| An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. | ||||