Filtered by vendor Tp-link Subscriptions
Total 371 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-53375 1 Tp-link 1 Archer Axe75 Firmware 2024-12-18 8 High
An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality.
CVE-2023-34832 1 Tp-link 2 Archer Ax10, Archer Ax10 Firmware 2024-12-17 9.8 Critical
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.
CVE-2024-12344 1 Tp-link 2 Vn020 F3v, Vn020 F3v Firmware 2024-12-11 6.3 Medium
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-12343 1 Tp-link 2 Vn020 F3v, Vn020 F3v Firmware 2024-12-11 6.5 Medium
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
CVE-2023-36358 1 Tp-link 8 Tl-wr743nd, Tl-wr743nd Firmware, Tl-wr841n and 5 more 2024-12-11 7.7 High
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2023-36359 1 Tp-link 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more 2024-12-11 7.5 High
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2024-54126 1 Tp-link 1 Archer C50 Firmware 2024-12-05 N/A
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.
CVE-2023-36354 1 Tp-link 9 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 6 more 2024-12-03 7.5 High
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2024-53623 1 Tp-link 1 Archer C7 Firmware 2024-12-02 7.5 High
Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information.
CVE-2023-36357 1 Tp-link 6 Tl-wr841n, Tl-wr841n Firmware, Tl-wr940n and 3 more 2024-12-02 7.7 High
An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2023-36355 1 Tp-link 3 Tl-wr940n, Tl-wr940n Firmware, Tl-wr940n V4 2024-12-02 9.9 Critical
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2023-36356 1 Tp-link 8 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 5 more 2024-12-02 7.7 High
TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVE-2023-42189 9 Eve, Govee, Nanoleaf and 6 more 18 Eve Door And Window, Eve Door And Window Firmware, Led Strip and 15 more 2024-11-27 7.5 High
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.
CVE-2024-48288 1 Tp-link 1 Tl-ipc42c Firmware 2024-11-26 N/A
TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.
CVE-2024-37661 1 Tp-link 1 Tl-7dr5130 2024-11-21 6.3 Medium
TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect messages.
CVE-2024-21833 1 Tp-link 10 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 7 more 2024-11-21 8.8 High
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi.
CVE-2024-21821 1 Tp-link 6 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 3 more 2024-11-21 8.0 High
Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands.
CVE-2024-21773 1 Tp-link 8 Archer Ax3000, Archer Ax3000 Firmware, Archer Ax5400 and 5 more 2024-11-21 8.8 High
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings.
CVE-2023-50224 1 Tp-link 1 Tl-wr841n Firmware 2024-11-21 N/A
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. . Was ZDI-CAN-19899.
CVE-2023-49515 1 Tp-link 4 Tapo C200, Tapo C200 Firmware, Tapo Tc70 and 1 more 2024-11-21 4.6 Medium
Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.