Vulnerabilities > TP Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-23 | CVE-2020-14965 | Cross-site Scripting vulnerability in Tp-Link Tl-Wr740N Firmware and Tl-Wr740Nd Firmware On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. | 4.8 |
| 2020-06-17 | CVE-2020-13224 | Classic Buffer Overflow vulnerability in Tp-Link products TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow | 8.8 |
| 2020-06-08 | CVE-2020-12695 | Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | 7.5 |
| 2020-05-07 | CVE-2020-10916 | Improper Authentication vulnerability in Tp-Link Tl-Wa855Re Firmware 190408/191213 This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. | 8.0 |
| 2020-05-04 | CVE-2020-12109 | OS Command Injection vulnerability in Tp-Link products Certain TP-Link devices allow Command Injection. | 8.8 |
| 2020-05-04 | CVE-2020-12111 | OS Command Injection vulnerability in Tp-Link Nc260 Firmware and Nc450 Firmware Certain TP-Link devices allow Command Injection. | 8.8 |
| 2020-05-04 | CVE-2020-12475 | Path Traversal vulnerability in Tp-Link Omada Controller 3.2.6 TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | 5.5 |
| 2020-05-04 | CVE-2020-12110 | Use of Hard-coded Credentials vulnerability in Tp-Link products Certain TP-Link devices have a Hardcoded Encryption Key. | 9.8 |
| 2020-04-02 | CVE-2020-8423 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr841N Firmware 3.16.9 A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. | 7.2 |
| 2020-04-01 | CVE-2020-10231 | NULL Pointer Dereference vulnerability in Tp-Link products TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. | 7.5 |