Filtered by vendor Tp-link
Subscribe
Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1389 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2024-06-27 | N/A | 8.8 HIGH |
| TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | |||||
| CVE-2023-2646 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2024-05-17 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-0936 | 1 Tp-link | 1 Archer C50 | 2024-05-17 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in TP-Link Archer C50 V2_160801. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221552. | |||||
| CVE-2023-38909 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-05-07 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. | |||||
| CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-05-07 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | |||||
| CVE-2023-38907 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-05-07 | N/A | 7.5 HIGH |
| An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. | |||||
| CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-05-07 | N/A | 6.5 MEDIUM |
| An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | |||||
| CVE-2020-12695 | 21 Asus, Broadcom, Canon and 18 more | 217 Rt-n11, Adsl, Selphy Cp1200 and 214 more | 2024-04-08 | 7.8 HIGH | 7.5 HIGH |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | |||||
| CVE-2023-43482 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47167 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-46683 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-42664 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-02-28 | N/A | 6.5 MEDIUM |
| Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | |||||
| CVE-2023-36498 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | |||||
| CVE-2023-47209 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-47617 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-27098 | 1 Tp-link | 2 Tapo, Tapo C200 | 2024-02-28 | N/A | 7.5 HIGH |
| TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | |||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2023-38563 | 1 Tp-link | 4 Archer C1200, Archer C1200 Firmware, Archer C9 and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
| Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-37284 | 1 Tp-link | 2 Archer C20, Archer C20 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | |||||