Filtered by vendor Tp-link
Subscribe
Total
348 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-15613 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. | |||||
CVE-2017-16960 | 1 Tp-link | 93 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 90 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. | |||||
CVE-2017-15627 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file. | |||||
CVE-2017-8220 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data. | |||||
CVE-2017-8217 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | |||||
CVE-2017-8075 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-8077 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-8074 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-8219 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | |||||
CVE-2017-8076 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-28 | 7.8 HIGH | 9.8 CRITICAL |
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2017-8218 | 1 Tp-link | 4 C2, C20i, C20i Firmware and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. | |||||
CVE-2017-8078 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
CVE-2016-1000009 | 1 Tp-link | 1 Tp-link | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. | |||||
CVE-2013-2645 | 1 Tp-link | 1 Firmware | 2024-02-28 | 9.3 HIGH | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm. | |||||
CVE-2014-9510 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | |||||
CVE-2013-6786 | 6 Allegrosoft, Dlink, Huawei and 3 more | 7 Rompager, Dsl-2640r, Dsl-2641r and 4 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately. | |||||
CVE-2014-4728 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-02-28 | 5.0 MEDIUM | N/A |
The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. | |||||
CVE-2014-9350 | 1 Tp-link | 2 Tl-wr740n, Tl-wr740n Firmware | 2024-02-28 | 5.0 MEDIUM | N/A |
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. | |||||
CVE-2014-4727 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. | |||||
CVE-2012-6316 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. |