Vulnerabilities > TP Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-05-07 | CVE-2020-10916 | Improper Authentication vulnerability in Tp-Link Tl-Wa855Re Firmware 190408/191213 This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. | 8.0 |
| 2020-05-04 | CVE-2020-12109 | OS Command Injection vulnerability in Tp-Link products Certain TP-Link devices allow Command Injection. | 8.8 |
| 2020-05-04 | CVE-2020-12111 | OS Command Injection vulnerability in Tp-Link Nc260 Firmware and Nc450 Firmware Certain TP-Link devices allow Command Injection. | 8.8 |
| 2020-05-04 | CVE-2020-12475 | Path Traversal vulnerability in Tp-Link Omada Controller 3.2.6 TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | 5.5 |
| 2020-05-04 | CVE-2020-12110 | Use of Hard-coded Credentials vulnerability in Tp-Link products Certain TP-Link devices have a Hardcoded Encryption Key. | 9.8 |
| 2020-04-02 | CVE-2020-8423 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr841N Firmware 3.16.9 A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. | 7.2 |
| 2020-04-01 | CVE-2020-10231 | NULL Pointer Dereference vulnerability in Tp-Link products TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. | 7.5 |
| 2020-04-01 | CVE-2020-11445 | Unspecified vulnerability in Tp-Link products TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | 5.3 |
| 2020-03-25 | CVE-2020-10888 | Improper Authentication vulnerability in Tp-Link Ac1750 Firmware 190726 This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. | 9.8 |