Filtered by vendor Tp-link Subscriptions
Total 371 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-38906 1 Tp-link 3 Tapo, Tapo L530e, Tapo L530e Firmware 2024-11-21 6.5 Medium
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.
CVE-2023-38588 1 Tp-link 2 Archer C3150, Archer C3150 Firmware 2024-11-21 8 High
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
CVE-2023-38568 1 Tp-link 2 Archer A10, Archer A10 Firmware 2024-11-21 8.8 High
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
CVE-2023-38563 1 Tp-link 5 Archer C1200, Archer C1200 Firmware, Archer C9 and 2 more 2024-11-21 8.8 High
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
CVE-2023-37284 1 Tp-link 2 Archer C20, Archer C20 Firmware 2024-11-21 8.8 High
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.
CVE-2023-36498 1 Tp-link 2 Er7206, Er7206 Firmware 2024-11-21 7.2 High
A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.
CVE-2023-36489 1 Tp-link 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more 2024-11-21 8.8 High
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
CVE-2023-34829 1 Tp-link 1 Tapo 2024-11-21 6.5 Medium
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext.
CVE-2023-33538 1 Tp-link 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more 2024-11-21 8.8 High
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
CVE-2023-33537 1 Tp-link 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more 2024-11-21 8.1 High
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.
CVE-2023-33536 1 Tp-link 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more 2024-11-21 8.1 High
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.
CVE-2023-32619 1 Tp-link 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more 2024-11-21 8.8 High
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
CVE-2023-31756 1 Tp-link 2 Archer Vr1600v, Archer Vr1600v Firmware 2024-11-21 6.7 Medium
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.
CVE-2023-31710 1 Tp-link 2 Archer Ax21, Archer Ax21 Firmware 2024-11-21 9.8 Critical
TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.
CVE-2023-31701 1 Tp-link 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware 2024-11-21 8.8 High
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.
CVE-2023-31700 1 Tp-link 2 Tl-wpa4530 Kit, Tl-wpa4530 Kit Firmware 2024-11-21 8.8 High
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.
CVE-2023-31188 1 Tp-link 5 Archer C20 Firmware, Archer C50 V3, Archer C50 V3 Firmware and 2 more 2024-11-21 8 High
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'.
CVE-2023-30383 1 Tp-link 7 Archer C2, Archer C20, Archer C20 Firmware and 4 more 2024-11-21 7.5 High
TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.
CVE-2023-2646 1 Tp-link 2 Archer C7, Archer C7 Firmware 2024-11-21 4.5 Medium
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-29562 1 Tp-link 2 Tl-wpa7510, Tl-wpa7510 Firmware 2024-11-21 9.8 Critical
TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.