Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search All
- CPE Name Search: false
- CPE Vendor: cpe:/:tp-link
- Ordered By: Publish Date Descending
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-36356 |
TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Published: June 22, 2023; 4:15:09 PM -0400 |
V3.1: 7.7 HIGH V2.0:(not available) |
CVE-2023-36355 |
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Published: June 22, 2023; 4:15:09 PM -0400 |
V3.1: 9.9 CRITICAL V2.0:(not available) |
CVE-2023-36354 |
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Published: June 22, 2023; 4:15:09 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-34832 |
TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. Published: June 16, 2023; 2:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-29562 |
TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale. Published: June 13, 2023; 4:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-27836 |
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C. Published: June 13, 2023; 3:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-27837 |
TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774. Published: June 13, 2023; 1:15:14 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-28478 |
TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. Published: June 12, 2023; 4:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-33538 |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . Published: June 07, 2023; 12:15:10 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-33537 |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm. Published: June 07, 2023; 12:15:10 AM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-33536 |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm. Published: June 07, 2023; 12:15:10 AM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-27126 |
The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the victim. Published: June 06, 2023; 2:15:10 PM -0400 |
V3.1: 4.6 MEDIUM V2.0:(not available) |
CVE-2023-31756 |
A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. Published: May 19, 2023; 9:15:08 AM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-31701 |
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. Published: May 17, 2023; 10:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-31700 |
TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. Published: May 17, 2023; 10:15:09 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-2646 |
A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: May 11, 2023; 4:15:08 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-37255 |
TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. Published: April 15, 2023; 10:15:08 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-28368 |
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained. Published: April 11, 2023; 5:15:08 AM -0400 |
V3.1: 5.7 MEDIUM V2.0:(not available) |
CVE-2022-43636 |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequnce numbers used for session managment. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18334. Published: March 29, 2023; 3:15:20 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-43635 |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332. Published: March 29, 2023; 3:15:20 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |