Vulnerabilities > TP Link

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2021-44629 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr886N Firmware 201908262.3.8
A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
network
low complexity
tp-link CWE-120
critical
9.8
2022-03-10 CVE-2021-44630 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr886N Firmware 201908262.3.8
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
network
low complexity
tp-link CWE-120
critical
9.8
2022-03-10 CVE-2021-44631 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr886N Firmware 201908262.3.8
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.
network
low complexity
tp-link CWE-120
critical
9.8
2022-03-10 CVE-2021-44632 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr886N Firmware 201908262.3.8
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
network
low complexity
tp-link CWE-120
critical
9.8
2022-03-10 CVE-2021-4045 Command Injection vulnerability in Tp-Link Tapo C200 Firmware
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root.
network
low complexity
tp-link CWE-77
critical
9.8
2022-03-04 CVE-2021-44827 OS Command Injection vulnerability in Tp-Link Archer C20I Firmware
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.
network
low complexity
tp-link CWE-78
8.8
2022-02-25 CVE-2022-25060 OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
network
low complexity
tp-link CWE-78
critical
9.8
2022-02-25 CVE-2022-25061 OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
network
low complexity
tp-link CWE-78
critical
9.8
2022-02-25 CVE-2022-25062 Integer Overflow or Wraparound vulnerability in Tp-Link Tl-Wr840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString.
network
low complexity
tp-link CWE-190
7.5
2022-02-25 CVE-2022-25064 OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
network
low complexity
tp-link CWE-78
critical
9.8