Vulnerabilities > TP Link
|2021-01-06||CVE-2020-36178|| OS Command Injection vulnerability in TP-Link TL-WR840N Firmware 6Eu0.9.14.16 |
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables).
| 10.0 |
|2020-12-26||CVE-2020-35575|| Insufficiently Protected Credentials vulnerability in TP-Link products |
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel.
| 7.5 |
|2020-11-21||CVE-2020-5797|| Link Following vulnerability in TP-Link Archer C9 Firmware 180125 |
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.
| 3.6 |
|2020-11-20||CVE-2020-28877|| Classic Buffer Overflow vulnerability in TP-Link products |
Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.
| 7.5 |
|2020-11-18||CVE-2020-28005|| Classic Buffer Overflow vulnerability in TP-Link TL-WPA4220 Firmware |
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint.
| 3.5 |
|2020-11-18||CVE-2020-24297|| OS Command Injection vulnerability in TP-Link TL-WPA4220 Firmware |
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline.
| 9.0 |
|2020-11-08||CVE-2020-28347|| Command Injection vulnerability in TP-Link AC1750 Firmware 190726 |
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter.
| 10.0 |
|2020-11-06||CVE-2020-5795|| Link Following vulnerability in TP-Link Archer A7 Firmware 200721 |
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.
| 7.2 |
|2020-08-31||CVE-2020-24363|| Missing Authentication for Critical Function vulnerability in TP-Link TL-WA855RE Firmware 20200415 |
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot.
| 8.3 |
|2020-08-07||CVE-2020-15057|| Improper Input Validation vulnerability in TP-Link TL-PS310U Firmware |
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to cause a denial of service on the device via long input values.
| 6.1 |