Filtered by vendor Tp-link
Subscriptions
Total
413 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | ||||
| CVE-2023-38907 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 7.5 High |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. | ||||
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
| An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | ||||
| CVE-2023-38588 | 1 Tp-link | 2 Archer C3150, Archer C3150 Firmware | 2024-11-21 | 8 High |
| Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2023-38568 | 1 Tp-link | 2 Archer A10, Archer A10 Firmware | 2024-11-21 | 8.8 High |
| Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2023-38563 | 1 Tp-link | 5 Archer C1200, Archer C1200 Firmware, Archer C9 and 2 more | 2024-11-21 | 8.8 High |
| Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | ||||
| CVE-2023-37284 | 1 Tp-link | 2 Archer C20, Archer C20 Firmware | 2024-11-21 | 8.8 High |
| Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | ||||
| CVE-2023-36498 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | 7.2 High |
| A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | ||||
| CVE-2023-36489 | 1 Tp-link | 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.8 High |
| Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | ||||
| CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-11-21 | 8.8 High |
| Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2023-31710 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2024-11-21 | 9.8 Critical |
| TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. | ||||
| CVE-2023-31188 | 1 Tp-link | 5 Archer C20 Firmware, Archer C50 V3, Archer C50 V3 Firmware and 2 more | 2024-11-21 | 8 High |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. | ||||
| CVE-2023-30383 | 1 Tp-link | 7 Archer C2, Archer C20, Archer C20 Firmware and 4 more | 2024-11-21 | 7.5 High |
| TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. | ||||
| CVE-2022-37860 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | 9.8 Critical |
| The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | ||||
| CVE-2022-34555 | 1 Tp-link | 2 Tl-r473g, Tl-r473g Firmware | 2024-11-21 | 9.8 Critical |
| TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. | ||||
| CVE-2022-33087 | 1 Tp-link | 4 Archer A5, Archer A5 Firmware, Archer C50 and 1 more | 2024-11-21 | 7.5 High |
| A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2022-32058 | 1 Tp-link | 4 Tl-wr741n, Tl-wr741n Firmware, Tl-wr742n and 1 more | 2024-11-21 | 7.5 High |
| An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2024-11-21 | 8.8 High |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | ||||
| CVE-2022-30024 | 1 Tp-link | 6 Tl-wr841, Tl-wr841 Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.8 High |
| A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. | ||||
| CVE-2022-29402 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 6.8 Medium |
| TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | ||||