Vulnerabilities > TP Link

DATE CVE VULNERABILITY TITLE RISK
2019-05-24 CVE-2019-12195 Cross-site Scripting vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.13.16
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name.
network
low complexity
tp-link CWE-79
4.8
2019-05-15 CVE-2016-10719 Cross-site Scripting vulnerability in Tp-Link Archer Cr700 Firmware 1.0.6
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
network
low complexity
tp-link CWE-79
6.1
2019-04-16 CVE-2018-18489 Unspecified vulnerability in Tp-Link Wr840N Firmware 3.16.9
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.
network
low complexity
tp-link
4.9
2019-03-29 CVE-2018-15840 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-Wr840N Firmware
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.
network
low complexity
tp-link CWE-119
7.5
2019-01-18 CVE-2019-6487 OS Command Injection vulnerability in Tp-Link products
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
network
low complexity
tp-link CWE-78
8.8
2018-12-23 CVE-2018-20372 Cross-site Scripting vulnerability in Tp-Link Td-W8961Nd Firmware 1.0.1
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
network
low complexity
tp-link CWE-79
5.4
2018-12-01 CVE-2018-3951 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-R600Vpn Firmware
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server.
network
low complexity
tp-link CWE-119
7.2
2018-12-01 CVE-2018-3950 Out-of-bounds Write vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server.
network
low complexity
tp-link CWE-787
8.8
2018-12-01 CVE-2018-3949 Path Traversal vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN.
network
low complexity
tp-link CWE-22
7.5
2018-11-30 CVE-2018-3948 Improper Input Validation vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server.
network
low complexity
tp-link CWE-20
7.5