Filtered by vendor Tp-link
Total: 348 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10888 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2020-04-01 | 9.8 Critical |
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSH port forwarding requests during initial setup. The issue results from the lack of proper authentication prior to establishing SSH port forwarding rules. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the WAN interface. Was ZDI-CAN-9664. | ||||
CVE-2020-10885 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2020-03-31 | 9.8 Critical |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS responses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661. | ||||
CVE-2020-10881 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2020-03-31 | 9.8 Critical |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. | ||||
CVE-2020-9375 | 1 Tp-link | 2 Archer C5, Archer C50 | 2020-03-31 | 7.5 High |
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allow remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. | ||||
CVE-2013-2646 | 1 Tp-link | 2 Tl-wr1043nd, Tl-wr1043nd Firmware | 2020-02-06 | 7.5 High |
TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of service vulnerability. | ||||
CVE-2013-2573 | 1 Tp-link | 6 Tl-sc 3130g, Tl-sc 3130g Firmware, Tl-sc 3171g and 3 more | 2020-01-31 | 9.8 Critical |
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code. | ||||
CVE-2013-2572 | 1 Tp-link | 8 Tl-sc 3130, Tl-sc 3130 Firmware, Tl-sc 3130g and 5 more | 2020-01-31 | 7.5 High |
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. | ||||
CVE-2019-17147 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2020-01-14 | 8.8 High |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457. | ||||
CVE-2013-4654 | 1 Tp-link | 4 Tl-1043nd, Tl-1043nd Firmware, Tl-wdr4300 and 1 more | 2019-11-25 | 9.8 Critical |
Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND. | ||||
CVE-2013-4848 | 1 Tp-link | 2 Tl-wdr4300, Tl-wdr4300 Firmware | 2019-10-28 | 8.8 High |
TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. | ||||
CVE-2019-13653 | 1 Tp-link | 2 M7350, M7350 Firmware | 2019-10-28 | 9.8 Critical |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5). | ||||
CVE-2019-13652 | 1 Tp-link | 2 M7350, M7350 Firmware | 2019-10-28 | 9.8 Critical |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow serviceName OS Command Injection (issue 4 of 5). | ||||
CVE-2019-13651 | 1 Tp-link | 2 M7350, M7350 Firmware | 2019-10-28 | 9.8 Critical |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow portMappingProtocol OS Command Injection (issue 3 of 5). | ||||
CVE-2019-13650 | 1 Tp-link | 2 M7350, M7350 Firmware | 2019-10-28 | 9.8 Critical |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow internalPort OS Command Injection (issue 2 of 5). | ||||
CVE-2019-13649 | 1 Tp-link | 2 M7350, M7350 Firmware | 2019-10-28 | 9.8 Critical |
TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow externalPort OS Command Injection (issue 1 of 5). | ||||
CVE-2018-5393 | 1 Tp-link | 1 Eap Controller | 2019-10-09 | N/A |
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use, so it lacks user authentication for RMI service commands in EAP controller versions 2.5.3 and earlier. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. | ||||
CVE-2017-15629 | 1 Tp-link | 76 Er5110g, Er5110g Firmware, Er5120g and 73 more | 2019-10-03 | N/A |
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file. | ||||
CVE-2018-12576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2019-10-03 | N/A |
TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | ||||
CVE-2018-10168 | 1 Tp-link | 1 Eap Controller | 2019-10-03 | N/A |
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. This is fixed in version 2.6.1_Windows. | ||||
CVE-2017-17758 | 1 Tp-link | 30 Tl-war1200l, Tl-war1200l Firmware, Tl-war1300l and 27 more | 2019-10-03 | N/A |
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua in uhttpd. |