Filtered by vendor Tp-link
Subscriptions
Total
371 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-10523 | 1 Tp-link | 2 Tapo H100, Tapo H100 Firmware | 2024-11-08 | 4.6 Medium |
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. | ||||
CVE-2024-22733 | 1 Tp-link | 3 Mr200, Mr200 Firmware, Tl-mr200 V4 Firmware | 2024-11-06 | 3.5 Low |
TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker. | ||||
CVE-2024-42815 | 1 Tp-link | 1 Re365 | 2024-10-24 | 9.8 Critical |
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
CVE-2024-48714 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
CVE-2024-48713 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 1.0, the wacWhitelistJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
CVE-2024-48712 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
CVE-2024-48710 | 1 Tp-link | 1 Tl-wdr7660 Firmware | 2024-10-16 | 6.5 Medium |
In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. | ||||
CVE-2024-46325 | 1 Tp-link | 1 Wr740n Firmware | 2024-10-08 | 5.5 Medium |
TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | ||||
CVE-2024-46486 | 1 Tp-link | 1 Tl-wdr5620 Firmware | 2024-10-07 | 8 High |
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. | ||||
CVE-2024-46313 | 1 Tp-link | 1 Tl-wr941nd | 2024-10-04 | 8 High |
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm. | ||||
CVE-2024-9284 | 1 Tp-link | 1 Tl-wr841nd \(11.0\) Firmware | 2024-09-30 | 6.5 Medium |
A vulnerability was found in TP-LINK TL-WR841ND up to 20240920. It has been rated as critical. Affected by this issue is some unknown functionality of the file /userRpm/popupSiteSurveyRpm.htm. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |