Filtered by vendor Tp-link
Subscribe
Total
459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49913 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x422448` of the `httpd` binary shipped w ...
Show More |
|||||
| CVE-2023-49912 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x4224b0` of the `httpd` binary shipped ...
Show More |
|||||
| CVE-2023-49911 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x422420` of the `httpd` binary shipped wit ...
Show More |
|||||
| CVE-2023-49910 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x42247c` of the `httpd` binary shipped wit ...
Show More |
|||||
| CVE-2023-49909 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `action` parameter at offset `0x0045ab38` of the `httpd_portal` binary ...
Show More |
|||||
| CVE-2023-49908 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `profile` parameter at offset `0x0045abc8` of the `httpd_portal` binary ...
Show More |
|||||
| CVE-2023-49907 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `band` parameter at offset `0x0045aad8` of the `httpd_portal` binary sh ...
Show More |
|||||
| CVE-2023-49906 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability refers specifically to the overflow that occurs via the `ssid` parameter at offset `0x0045ab7c` of the `httpd_portal` binary sh ...
Show More |
|||||
| CVE-2023-49134 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 8.1 HIGH |
|
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 2022021 ...
Show More |
|||||
| CVE-2023-49133 | 1 Tp-link | 4 Eap115, Eap115 Firmware, Eap225 and 1 more | 2025-11-04 | N/A | 8.1 HIGH |
|
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP225(V3) 5.1.0 Build 2022092 ...
Show More |
|||||
| CVE-2023-49074 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | N/A | 7.4 HIGH |
|
A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.
|
|||||
| CVE-2023-48724 | 1 Tp-link | 2 Eap225, Eap225 Firmware | 2025-11-04 | N/A | 7.5 HIGH |
|
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of the device's web interface. An attacker can send an unauthenticated HTTP POST request to trigger this vulnerability.
|
|||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-47617 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-47209 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-47167 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-46683 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-43482 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-43318 | 1 Tp-link | 2 Tl-sg2210p, Tl-sg2210p Firmware | 2025-11-04 | N/A | 8.8 HIGH |
|
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
|
|||||
| CVE-2023-42664 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2023-36498 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell.
|
|||||
| CVE-2024-21827 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
|
A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2023-1389 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2025-11-03 | N/A | 8.8 HIGH |
|
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.
|
|||||
| CVE-2025-9377 | 1 Tp-link | 6 Archer C7, Archer C7 Firmware, Tl-wr841n and 3 more | 2025-11-03 | N/A | 7.2 HIGH |
|
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download ...
Show More |
|||||
| CVE-2023-50224 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2025-10-27 | N/A | 6.5 MEDIUM |
|
TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored ...
Show More |
|||||
| CVE-2023-33538 | 1 Tp-link | 6 Tl-wr740n, Tl-wr740n Firmware, Tl-wr841n and 3 more | 2025-10-27 | N/A | 8.8 HIGH |
|
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
|
|||||
| CVE-2025-7851 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 9.8 CRITICAL |
|
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
|
|||||
| CVE-2025-7850 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 7.2 HIGH |
|
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
|
|||||
| CVE-2025-6542 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 9.8 CRITICAL |
|
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
|
|||||
| CVE-2025-6541 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 8.8 HIGH |
|
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
|
|||||
| CVE-2015-3035 | 1 Tp-link | 26 Archer C5 \(1.2\), Archer C5 \(1.2\) Firmware, Archer C7 \(2.0\) and 23 more | 2025-10-22 | 7.8 HIGH | 7.5 HIGH |
|
Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a ...
Show More |
|||||
| CVE-2024-25139 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2025-09-18 | N/A | 10.0 CRITICAL |
|
In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.
|
|||||
| CVE-2025-8627 | 1 Tp-link | 2 Kp303, Kp303 Firmware | 2025-09-15 | N/A | 8.8 HIGH |
|
The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak.
This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.
|
|||||
| CVE-2023-44447 | 1 Tp-link | 2 Tl-wr902ac, Tl-wr902ac Firmware | 2025-09-04 | N/A | 6.5 MEDIUM |
|
TP-Link TL-WR902AC loginFs Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR902AC routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. An attacker can leverage this vulnerability to disclose stored c ...
Show More |
|||||
| CVE-2024-46486 | 1 Tp-link | 2 Tl-wdr5620, Tl-wdr5620 Firmware | 2025-08-15 | N/A | 8.0 HIGH |
|
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.
|
|||||
| CVE-2024-48288 | 1 Tp-link | 2 Tl-ipc42c, Tl-ipc42c Firmware | 2025-08-15 | N/A | 8.0 HIGH |
|
TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.
|
|||||
| CVE-2023-41184 | 1 Tp-link | 2 Tapo C210, Tapo C210 Firmware | 2025-08-12 | N/A | 8.0 HIGH |
|
TP-Link Tapo C210 ActiveCells Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Tapo C210 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of the ActiveCells parameter of the CreateRules and ModifyRules APIs. The issue results from the la ...
Show More |
|||||
| CVE-2023-35717 | 1 Tp-link | 2 Tapo C210, Tapo C210 Firmware | 2025-08-12 | N/A | 8.8 HIGH |
|
TP-Link Tapo C210 Password Recovery Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link Tapo C210 IP cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the password recovery mechanism. The issue results from reliance upon the secrecy of the password derivation algorithm when generating a recovery password. An attacker can leverage this vulnerabi ...
Show More |
|||||
| CVE-2023-39471 | 1 Tp-link | 4 Tl-wr840n, Tl-wr840n Firmware, Tl-wr841n and 1 more | 2025-08-12 | N/A | 8.8 HIGH |
|
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to ...
Show More |
|||||
| CVE-2024-1180 | 1 Tp-link | 2 Omada Er605, Omada Er605 Firmware | 2025-08-08 | N/A | 8.0 HIGH |
|
TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability.
The specific issue exists within the handling of the name field in the access control user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. ...
Show More |
|||||