Vulnerabilities > TP Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-3275 | Cross-site Scripting vulnerability in Tp-Link products Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. | 6.1 |
| 2021-02-13 | CVE-2021-27210 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221 TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | 6.5 |
| 2021-02-13 | CVE-2021-27209 | Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221 In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. | 7.1 |
| 2021-01-26 | CVE-2020-35576 | OS Command Injection vulnerability in Tp-Link Tl-Wr841N Firmware A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. | 8.8 |
| 2021-01-06 | CVE-2020-36178 | OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6Eu0.9.14.16 oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). | 9.8 |
| 2020-12-26 | CVE-2020-35575 | Unspecified vulnerability in Tp-Link products A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. | 9.8 |
| 2020-11-21 | CVE-2020-5797 | Link Following vulnerability in Tp-Link Archer C9 Firmware 180125 UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | 6.1 |
| 2020-11-20 | CVE-2020-28877 | Classic Buffer Overflow vulnerability in Tp-Link products Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | 9.8 |
| 2020-11-18 | CVE-2020-28005 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. | 6.5 |
| 2020-11-18 | CVE-2020-24297 | OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. | 8.8 |