Vulnerabilities > TP Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-20 | CVE-2020-28877 | Classic Buffer Overflow vulnerability in Tp-Link products Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | 9.8 |
| 2020-11-18 | CVE-2020-28005 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. | 6.5 |
| 2020-11-18 | CVE-2020-24297 | OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. | 8.8 |
| 2020-11-08 | CVE-2020-28347 | OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726 tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. | 9.8 |
| 2020-11-06 | CVE-2020-5795 | Link Following vulnerability in Tp-Link Archer A7 Firmware 200721 UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | 6.2 |
| 2020-08-31 | CVE-2020-24363 | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wa855Re Firmware 20200415 TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. | 8.8 |
| 2020-08-07 | CVE-2020-15057 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | 6.5 |
| 2020-08-07 | CVE-2020-15056 | Cross-site Scripting vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 4.3 |
| 2020-08-07 | CVE-2020-15055 | Improper Authentication vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 8.8 |
| 2020-08-07 | CVE-2020-15054 | Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 8.8 |