Filtered by vendor Tp-link
Subscribe
Total
348 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17018 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name. | |||||
CVE-2018-3949 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. | |||||
CVE-2018-17013 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate. | |||||
CVE-2018-20372 | 1 Tp-link | 2 Td-w8961nd, Td-w8961nd Firmware | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | |||||
CVE-2018-18428 | 1 Tp-link | 2 Tl-sc3130, Tl-sc3130 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI. | |||||
CVE-2018-17009 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. | |||||
CVE-2018-15701 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field. | |||||
CVE-2018-15702 | 1 Tp-link | 2 Tl-wrn841n, Tl-wrn841n Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. | |||||
CVE-2018-12693 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json. | |||||
CVE-2018-12576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | |||||
CVE-2018-10164 | 1 Tp-link | 1 Eap Controller | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-12694 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | |||||
CVE-2018-11482 | 1 Tp-link | 8 Ipc Tl-ipc223\(p\)-6, Ipc Tl-ipc223\(p\)-6 Firmware, Tl-ipc323k-d and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | |||||
CVE-2018-12692 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | |||||
CVE-2018-12577 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | |||||
CVE-2018-12575 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | |||||
CVE-2018-11481 | 1 Tp-link | 8 Ipc Tl-ipc223\(p\)-6, Ipc Tl-ipc223\(p\)-6 Firmware, Tl-ipc323k-d and 5 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters. | |||||
CVE-2018-10167 | 1 Tp-link | 1 Eap Controller | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. A low-privilege user could decrypt and modify the backup file in order to elevate their privileges. This is fixed in version 2.6.1_Windows. | |||||
CVE-2018-12574 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | |||||
CVE-2018-10165 | 1 Tp-link | 1 Eap Controller | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality. This is fixed in version 2.6.1_Windows. |