Filtered by vendor Tp-link
Subscribe
Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38568 | 1 Tp-link | 2 Archer A10, Archer A10 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-39745 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
| TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-43135 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
| Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | |||||
| CVE-2023-43137 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | |||||
| CVE-2023-39748 | 1 Tp-link | 2 Tl-wr1041n V2, Tl-wr1041n V2 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | |||||
| CVE-2023-42189 | 9 Eve, Govee, Nanoleaf and 6 more | 18 Eve Door And Window, Eve Door And Window Firmware, Led Strip and 15 more | 2024-02-28 | N/A | 7.5 HIGH |
| Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. | |||||
| CVE-2023-40531 | 1 Tp-link | 2 Archer Ax6000, Archer Ax6000 Firmware | 2024-02-28 | N/A | 8.0 HIGH |
| Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-30383 | 1 Tp-link | 6 Archer C20, Archer C20 Firmware, Archer C2 V1 and 3 more | 2024-02-28 | N/A | 7.5 HIGH |
| TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data. | |||||
| CVE-2023-46373 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. | |||||
| CVE-2023-39751 | 1 Tp-link | 2 Tl-wr941nd V6, Tl-wr941nd V6 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. | |||||
| CVE-2023-39610 | 1 Tp-link | 2 Tapo C100, Tapo C100 Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
| An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | |||||
| CVE-2023-31710 | 1 Tp-link | 2 Archer Ax21, Archer Ax21 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. | |||||
| CVE-2023-39747 | 1 Tp-link | 6 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n V2 and 3 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. | |||||
| CVE-2023-40193 | 1 Tp-link | 2 Deco M4, Deco M4 Firmware | 2024-02-28 | N/A | 8.0 HIGH |
| Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-31188 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-02-28 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'. | |||||
| CVE-2023-43138 | 1 Tp-link | 2 Tl-er5120g, Tl-er5120g Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | |||||
| CVE-2023-39224 | 1 Tp-link | 2 Archer C7, Archer C7 Firmware | 2024-02-28 | N/A | 8.0 HIGH |
| Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. | |||||
| CVE-2023-39935 | 1 Tp-link | 2 Archer C5400, Archer C5400 Firmware | 2024-02-28 | N/A | 8.0 HIGH |
| Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2023-40357 | 1 Tp-link | 8 Archer A10, Archer A10 Firmware, Archer Ax10 and 5 more | 2024-02-28 | N/A | 8.0 HIGH |
| Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. | |||||