Vulnerabilities > TP Link

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-36178 OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6Eu0.9.14.16
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables).
network
low complexity
tp-link CWE-78
critical
10.0
2020-12-26 CVE-2020-35575 Insufficiently Protected Credentials vulnerability in Tp-Link products
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel.
network
low complexity
tp-link CWE-522
7.5
2020-11-21 CVE-2020-5797 Link Following vulnerability in Tp-Link Archer C9 Firmware 180125
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.
local
low complexity
tp-link CWE-59
3.6
2020-11-20 CVE-2020-28877 Classic Buffer Overflow vulnerability in Tp-Link products
Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.
network
low complexity
tp-link CWE-120
7.5
2020-11-18 CVE-2020-28005 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wpa4220 Firmware
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint.
network
tp-link CWE-120
3.5
2020-11-18 CVE-2020-24297 OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline.
network
low complexity
tp-link CWE-78
critical
9.0
2020-11-08 CVE-2020-28347 Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter.
network
low complexity
tp-link CWE-77
critical
10.0
2020-11-06 CVE-2020-5795 Link Following vulnerability in Tp-Link Archer A7 Firmware 200721
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.
local
low complexity
tp-link CWE-59
7.2
2020-08-31 CVE-2020-24363 Missing Authentication FOR Critical Function vulnerability in Tp-Link Tl-Wa855Re Firmware 20200415
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot.
low complexity
tp-link CWE-306
8.3
2020-08-07 CVE-2020-15057 Improper Input Validation vulnerability in Tp-Link Tl-Ps310U Firmware
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values.
low complexity
tp-link CWE-20
6.1