Filtered by vendor Tp-link
Subscriptions
Total
375 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40193 | 1 Tp-link | 2 Deco M4, Deco M4 Firmware | 2024-11-21 | 8.0 High |
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | ||||
CVE-2023-39935 | 1 Tp-link | 2 Archer C5400, Archer C5400 Firmware | 2024-11-21 | 8.0 High |
Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | ||||
CVE-2023-39751 | 1 Tp-link | 3 Tl-wr941nd, Tl-wr941nd V6, Tl-wr941nd V6 Firmware | 2024-11-21 | 9.8 Critical |
TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. | ||||
CVE-2023-39748 | 2 Tp-link, Tp Link | 3 Tl-wr1041n V2, Tl-wr1041n V2 Firmware, Tl-wr1041n | 2024-11-21 | 7.5 High |
An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | ||||
CVE-2023-39747 | 1 Tp-link | 9 Tl-wr841n V8, Tl-wr841n V8 Firmware, Tl-wr940n and 6 more | 2024-11-21 | 9.8 Critical |
TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. | ||||
CVE-2023-39745 | 1 Tp-link | 9 Tl-wr841n, Tl-wr841n V8, Tl-wr841n V8 Firmware and 6 more | 2024-11-21 | 7.5 High |
TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | ||||
CVE-2023-39610 | 1 Tp-link | 2 Tapo C100, Tapo C100 Firmware | 2024-11-21 | 6.5 Medium |
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | ||||
CVE-2023-39224 | 1 Tp-link | 3 Archer C5, Archer C7, Archer C7 Firmware | 2024-11-21 | 8.0 High |
Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. | ||||
CVE-2023-38909 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. | ||||
CVE-2023-38908 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | ||||
CVE-2023-38907 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 7.5 High |
An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. | ||||
CVE-2023-38906 | 1 Tp-link | 3 Tapo, Tapo L530e, Tapo L530e Firmware | 2024-11-21 | 6.5 Medium |
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | ||||
CVE-2023-38588 | 1 Tp-link | 2 Archer C3150, Archer C3150 Firmware | 2024-11-21 | 8 High |
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | ||||
CVE-2023-38568 | 1 Tp-link | 2 Archer A10, Archer A10 Firmware | 2024-11-21 | 8.8 High |
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | ||||
CVE-2023-38563 | 1 Tp-link | 5 Archer C1200, Archer C1200 Firmware, Archer C9 and 2 more | 2024-11-21 | 8.8 High |
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | ||||
CVE-2023-37284 | 1 Tp-link | 2 Archer C20, Archer C20 Firmware | 2024-11-21 | 8.8 High |
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | ||||
CVE-2023-36498 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2024-11-21 | 7.2 High |
A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. | ||||
CVE-2023-36489 | 1 Tp-link | 6 Tl-wr802n, Tl-wr802n Firmware, Tl-wr841n and 3 more | 2024-11-21 | 8.8 High |
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | ||||
CVE-2023-34829 | 1 Tp-link | 1 Tapo | 2024-11-21 | 6.5 Medium |
Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | ||||
CVE-2023-32619 | 1 Tp-link | 4 Archer C50 V3, Archer C50 V3 Firmware, Archer C55 and 1 more | 2024-11-21 | 8.8 High |
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. |