Search Results
- Results Type: Overview
- Search Type: Search All
- CPE Name Search: false
- CPE Vendor: cpe:/:tp-link
- Ordered By: Publish Date Descending
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-43318 | TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. Published: March 05, 2024; 7:15:52 PM -0500 | V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-47618 | A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: February 06, 2024; 12:15:10 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-47617 | A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: February 06, 2024; 12:15:09 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-47209 | A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: February 06, 2024; 12:15:09 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-47167 | A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: February 06, 2024; 12:15:09 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-46683 | A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: February 06, 2024; 12:15:09 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-43482 | A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: February 06, 2024; 12:15:08 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-42664 | A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Published: February 06, 2024; 12:15:08 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-36498 | A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell. Published: February 06, 2024; 12:15:08 PM -0500 | V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-49515 | Insecure Permissions vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. Published: January 16, 2024; 9:15:06 PM -0500 | V3.1: 4.6 MEDIUM V2.0:(not available) |
CVE-2024-21833 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120". Published: January 10, 2024; 7:15:44 PM -0500 | V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-21821 | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115". Published: January 10, 2024; 7:15:44 PM -0500 | V3.1: 8.0 HIGH V2.0:(not available) |
CVE-2024-21773 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120". Published: January 10, 2024; 7:15:44 PM -0500 | V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-27098 | TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. Published: January 08, 2024; 9:15:44 PM -0500 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-34829 | Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. Published: December 27, 2023; 10:15:07 PM -0500 | V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-39610 | An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. Published: October 31, 2023; 5:15:08 PM -0400 | V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-46539 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. Published: October 25, 2023; 2:17:38 PM -0400 | V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46538 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. Published: October 25, 2023; 2:17:38 PM -0400 | V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46537 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. Published: October 25, 2023; 2:17:38 PM -0400 | V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-46536 | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. Published: October 25, 2023; 2:17:38 PM -0400 | V3.1: 9.8 CRITICAL V2.0:(not available) |