Vulnerabilities > TP Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-25 | CVE-2017-8219 | Improper Input Validation vulnerability in Tp-Link C20I Firmware and C2 Firmware TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. | 6.5 |
| 2017-04-25 | CVE-2017-8218 | Insecure Default Initialization of Resource vulnerability in Tp-Link C20I Firmware and C2 Firmware vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. | 9.8 |
| 2017-04-25 | CVE-2017-8217 | Missing Authorization vulnerability in Tp-Link C20I Firmware and C2 Firmware TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. | 5.3 |
| 2017-04-23 | CVE-2017-8078 | Improper Authentication vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). | 5.3 |
| 2017-04-23 | CVE-2017-8077 | Use of Hard-coded Credentials vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). | 7.5 |
| 2017-04-23 | CVE-2017-8076 | Inadequate Encryption Strength vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. | 9.8 |
| 2017-04-23 | CVE-2017-8075 | Information Exposure Through Log Files vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. | 9.8 |
| 2017-04-23 | CVE-2017-8074 | Information Exposure Through Log Files vulnerability in Tp-Link Tl-Sg108E Firmware 1.1.2 On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. | 9.8 |
| 2016-10-06 | CVE-2016-1000009 | 7PK - Security Features vulnerability in Tp-Link TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. | 7.5 |
| 2015-04-22 | CVE-2015-3035 | Path Traversal vulnerability in Tp-Link products Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310 allows remote attackers to read arbitrary files via a .. | 7.5 |