Filtered by vendor Tp-link
Subscribe
Total
348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44629 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
| CVE-2021-44632 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
| CVE-2022-24355 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13910. | |||||
| CVE-2022-22922 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges. | |||||
| CVE-2022-26639 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | |||||
| CVE-2021-44827 | 1 Tp-link | 2 Archer C20i, Archer C20i Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. | |||||
| CVE-2021-44630 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request. | |||||
| CVE-2022-26642 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | |||||
| CVE-2022-25062 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2022-33087 | 1 Tp-link | 4 Archer A5, Archer A5 Firmware, Archer C50 and 1 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2022-25072 | 1 Tp-link | 2 Archer A54, Archer A54 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | |||||
| CVE-2022-29402 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
| TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | |||||
| CVE-2021-40288 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames | |||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | |||||
| CVE-2021-35003 | 1 Tp-link | 2 Archer C90, Archer C90 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655. | |||||
| CVE-2021-41653 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
| CVE-2021-44864 | 1 Tp-link | 2 Wn886n, Wn886n Firmware | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. | |||||
| CVE-2021-41451 | 1 Tp-link | 2 Archer Ax10, Archer Ax10 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. | |||||
| CVE-2021-41450 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | |||||
| CVE-2021-35004 | 1 Tp-link | 2 Tl-wa1201, Tl-wa1201 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14656. | |||||