Filtered by vendor Tp-link
Subscribe
Total
348 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-02-28 | 3.3 LOW | 8.8 HIGH |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | |||||
CVE-2020-12111 | 1 Tp-link | 4 Nc260, Nc260 Firmware, Nc450 and 1 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. | |||||
CVE-2020-15057 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | |||||
CVE-2020-10916 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2024-02-28 | 5.2 MEDIUM | 8.0 HIGH |
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the first-time setup process. The issue results from the lack of proper validation on first-time setup requests. An attacker can leverage this vulnerability to reset the password for the Admin account and execute code in the context of the device. Was ZDI-CAN-10003. | |||||
CVE-2020-15055 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | |||||
CVE-2020-9375 | 1 Tp-link | 2 Archer C5, Archer C50 | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. | |||||
CVE-2020-12110 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | |||||
CVE-2020-10887 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663. | |||||
CVE-2013-4654 | 1 Tp-link | 4 Tl-1043nd, Tl-1043nd Firmware, Tl-wdr4300 and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. | |||||
CVE-2020-9374 | 1 Tp-link | 2 Tl-wr849n, Tl-wr849n Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. | |||||
CVE-2013-2573 | 1 Tp-link | 6 Tl-sc 3130g, Tl-sc 3130g Firmware, Tl-sc 3171g and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code. | |||||
CVE-2013-2646 | 1 Tp-link | 2 Tl-wr1043nd, Tl-wr1043nd Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. | |||||
CVE-2019-13653 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5). | |||||
CVE-2019-16893 | 1 Tp-link | 2 Tp-sg105e, Tp-sg105e Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | |||||
CVE-2019-13650 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5). | |||||
CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | |||||
CVE-2013-2572 | 1 Tp-link | 8 Tl-sc 3130, Tl-sc 3130 Firmware, Tl-sc 3130g and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. | |||||
CVE-2019-13652 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). | |||||
CVE-2019-13651 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5). | |||||
CVE-2019-13649 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5). |