Filtered by vendor Tp-link
Subscribe
Total
262 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-46432 | 1 Tp-link | 2 Tl-wr743nd V1, Tl-wr743nd V1 Firmware | 2022-12-28 | N/A | 7.5 HIGH |
An exploitable firmware modification vulnerability was discovered on TP-Link TL-WR743ND V1. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v3.12.20 and earlier. | |||||
CVE-2022-46430 | 1 Tp-link | 8 Tl-wr740n V1, Tl-wr740n V1 Firmware, Tl-wr740n V2 and 5 more | 2022-12-28 | N/A | 4.8 MEDIUM |
TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
CVE-2022-46428 | 1 Tp-link | 2 Tl-wr1043nd V1, Tl-wr1043nd V1 Firmware | 2022-12-28 | N/A | 4.8 MEDIUM |
TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
CVE-2022-46139 | 1 Tp-link | 2 Tl-wr940n V4, Tl-wr940n V4 Firmware | 2022-12-28 | N/A | 6.5 MEDIUM |
TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
CVE-2022-46910 | 1 Tp-link | 6 Tl-wa901n, Tl-wa901n Firmware, Tl-wa901nd V1 and 3 more | 2022-12-28 | N/A | 8.8 HIGH |
An issue in the firmware update process of TP-Link TL-WA901ND V1 up to v3.11.2 and TL-WA901N V2 up to v3.12.16 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
CVE-2022-46435 | 1 Tp-link | 6 Tl-wr941nd V2, Tl-wr941nd V2 Firmware, Tl-wr941nd V3 and 3 more | 2022-12-28 | N/A | 8.8 HIGH |
An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up to 3.13.9 and TL-WR941ND V4 up to 3.12.8 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
CVE-2022-46914 | 1 Tp-link | 4 Tl-wa801n, Tl-wa801n Firmware, Tl-wa801nd V1 and 1 more | 2022-12-28 | N/A | 8.8 HIGH |
An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA801ND V1 v3.12.16 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
CVE-2022-46912 | 1 Tp-link | 4 Tl-wr841n, Tl-wr841n Firmware, Tl-wr841nd V7 and 1 more | 2022-12-28 | N/A | 8.8 HIGH |
An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | |||||
CVE-2022-41783 | 1 Tp-link | 2 Re3000, Re3000 Firmware | 2022-12-09 | N/A | 5.5 MEDIUM |
tdpServer of TP-Link RE300 V1 improperly processes its input, which may allow an attacker to cause a denial-of-service (DoS) condition of the product's OneMesh function. | |||||
CVE-2022-4296 | 1 Tp-link | 2 Tl-wr740n, Tl-wr740n Firmware | 2022-12-07 | N/A | 5.5 MEDIUM |
A vulnerability classified as problematic has been found in TP-Link TL-WR740N. Affected is an unknown function of the component ARP Handler. The manipulation leads to resource consumption. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214812. | |||||
CVE-2022-37860 | 1 Tp-link | 2 M7350, M7350 Firmware | 2022-11-16 | N/A | 9.8 CRITICAL |
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | |||||
CVE-2022-42202 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2022-10-20 | N/A | 6.1 MEDIUM |
TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). | |||||
CVE-2022-41540 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2022-10-20 | N/A | 5.9 MEDIUM |
The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web client and router through a man-in-the-middle attack can then obtain the sequence key via a brute-force attack, and access sensitive information. | |||||
CVE-2022-41541 | 1 Tp-link | 2 Ax10, Ax10 Firmware | 2022-10-20 | N/A | 8.1 HIGH |
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user. | |||||
CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2022-09-30 | 6.5 MEDIUM | 8.8 HIGH |
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | |||||
CVE-2022-40486 | 1 Tp-link | 2 Archer Ax10 V1, Archer Ax10 V1 Firmware | 2022-09-30 | N/A | 8.8 HIGH |
TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 57450(5553) was discovered to allow authenticated attackers to execute arbitrary code via a crafted backup file. | |||||
CVE-2021-4045 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2022-09-30 | 10.0 HIGH | 9.8 CRITICAL |
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. | |||||
CVE-2021-42232 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2022-08-25 | N/A | 9.8 CRITICAL |
TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router. | |||||
CVE-2022-34555 | 1 Tp-link | 2 Tl-r473g, Tl-r473g Firmware | 2022-08-04 | N/A | 9.8 CRITICAL |
TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet. | |||||
CVE-2022-30024 | 1 Tp-link | 6 Tl-wr841, Tl-wr841 Firmware, Tl-wr841n and 3 more | 2022-07-20 | N/A | 8.8 HIGH |
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. |