Vulnerabilities > TP Link

DATE CVE VULNERABILITY TITLE RISK
2018-06-23 CVE-2018-12693 Out-of-bounds Write vulnerability in Tp-Link Tl-Wa850Re Firmware
Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json.
network
low complexity
tp-link CWE-787
6.5
2018-06-23 CVE-2018-12692 OS Command Injection vulnerability in Tp-Link Tl-Wa850Re Firmware
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json.
network
low complexity
tp-link CWE-78
8.8
2018-06-04 CVE-2018-11714 Session Fixation vulnerability in Tp-Link Tl-Wr840N Firmware and Tl-Wr841N Firmware
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices.
network
low complexity
tp-link CWE-384
critical
9.8
2018-05-30 CVE-2018-11482 Use of Hard-coded Credentials vulnerability in Tp-Link products
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
network
low complexity
tp-link CWE-798
critical
9.8
2018-05-30 CVE-2018-11481 Improper Input Validation vulnerability in Tp-Link products
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
network
low complexity
tp-link CWE-20
8.8
2018-05-03 CVE-2018-10168 Improper Privilege Management vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator.
network
low complexity
tp-link CWE-269
8.8
2018-05-03 CVE-2018-10167 Use of Hard-coded Credentials vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it.
network
high complexity
tp-link CWE-798
7.5
2018-05-03 CVE-2018-10166 Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms.
network
low complexity
tp-link CWE-352
8.8
2018-05-03 CVE-2018-10165 Cross-site Scripting vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the userName parameter in the local user creation functionality.
network
low complexity
tp-link CWE-79
5.4
2018-05-03 CVE-2018-10164 Cross-site Scripting vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script or HTML via the implementation of portalPictureUpload functionality.
network
low complexity
tp-link CWE-79
5.4