Filtered by vendor Tp-link
Subscribe
Total
262 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29302 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2021-04-21 | 9.3 HIGH | 8.1 HIGH |
| TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution. | |||||
| CVE-2021-3125 | 1 Tp-link | 12 Tl-xdr1850, Tl-xdr1850 Firmware, Tl-xdr1860 and 9 more | 2021-04-21 | 4.3 MEDIUM | 7.5 HIGH |
| In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. | |||||
| CVE-2021-26827 | 1 Tp-link | 2 Tl-wr2041\+, Tl-wr2041\+ Firmware | 2021-04-21 | 7.8 HIGH | 7.5 HIGH |
| Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router. | |||||
| CVE-2021-27245 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2021-04-01 | 9.3 HIGH | 8.1 HIGH |
| This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309. | |||||
| CVE-2021-3275 | 1 Tp-link | 10 Archer-c3150, Archer-c3150 Firmware, Td-w9977 and 7 more | 2021-03-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. | |||||
| CVE-2021-27209 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2021-02-19 | 3.6 LOW | 7.1 HIGH |
| In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. | |||||
| CVE-2021-27210 | 1 Tp-link | 2 Archer C5v, Archer C5v Firmware | 2021-02-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | |||||
| CVE-2020-36178 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-01-12 | 10.0 HIGH | 9.8 CRITICAL |
| oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. | |||||
| CVE-2020-5797 | 1 Tp-link | 2 Archer C9, Archer C9 Firmware | 2020-12-03 | 3.6 LOW | 6.1 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | |||||
| CVE-2020-28877 | 1 Tp-link | 30 Wdr7400, Wdr7400 Firmware, Wdr7500 and 27 more | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | |||||
| CVE-2020-28005 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2020-12-01 | 3.5 LOW | 6.5 MEDIUM |
| httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | |||||
| CVE-2020-24297 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2020-12-01 | 9.0 HIGH | 8.8 HIGH |
| httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 | |||||
| CVE-2020-5795 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2020-11-19 | 7.2 HIGH | 6.2 MEDIUM |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | |||||
| CVE-2020-24363 | 1 Tp-link | 2 Tl-wa855re, Tl-wa855re Firmware | 2020-09-08 | 8.3 HIGH | 8.8 HIGH |
| TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. | |||||
| CVE-2017-13772 | 1 Tp-link | 2 Wr940n, Wr940n Firmware | 2020-08-31 | 9.0 HIGH | 8.8 HIGH |
| Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm. | |||||
| CVE-2018-18489 | 1 Tp-link | 2 Wr840n, Wr840n Firmware | 2020-08-24 | 6.8 MEDIUM | 4.9 MEDIUM |
| The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472. | |||||
| CVE-2019-13266 | 1 Tp-link | 4 Archer C2 V1, Archer C2 V1 Firmware, Archer C3200 V1 and 1 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. A DHCP Request is sent to the router with a certain Transaction ID field. Following the DHCP protocol, the router responds with an ACK or NAK message. Studying the NAK case revealed that the router erroneously sends the NAK to both Host and Guest networks with the same Transaction ID as found in the DHCP Request. This allows encoding of data to be sent cross-router into the 32-bit Transaction ID field. | |||||
| CVE-2018-17011 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun. | |||||
| CVE-2018-17010 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g bandwidth. | |||||
| CVE-2018-17009 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate. | |||||