Vulnerabilities > TP Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2023-47617 | OS Command Injection vulnerability in Tp-Link Er7206 Firmware 1.3.0 A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. | 7.2 |
| 2024-02-06 | CVE-2023-47618 | OS Command Injection vulnerability in Tp-Link Er7206 Firmware 1.3.0 A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. | 7.2 |
| 2024-01-17 | CVE-2023-49515 | Unspecified vulnerability in Tp-Link Tapo C200 Firmware and Tapo Tc70 Firmware Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. low complexity tp-link | 4.6 |
| 2024-01-11 | CVE-2024-21773 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | 8.8 |
| 2024-01-11 | CVE-2024-21821 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | 8.0 |
| 2024-01-11 | CVE-2024-21833 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. | 8.8 |
| 2024-01-09 | CVE-2023-27098 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Tapo TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | 7.5 |
| 2023-12-28 | CVE-2023-34829 | Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Tapo 2.11.44/2.8.14 Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. | 6.5 |
| 2023-10-31 | CVE-2023-39610 | Resource Exhaustion vulnerability in Tp-Link Tapo C100 Firmware 1.1.15 An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | 6.5 |
| 2023-10-25 | CVE-2023-46371 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wdr7660 Firmware 2.0.30 TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. | 9.8 |