Vulnerabilities > TP Link
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-09 | CVE-2014-9510 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wr840N Firmware 3.13.27 Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | 6.8 |
| 2014-12-08 | CVE-2014-9350 | Data Processing Errors vulnerability in Tp-Link Tl-Wr740N and Tl-Wr740N Firmware TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. | 5.0 |
| 2014-10-06 | CVE-2013-2645 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Firmware Tlwr1043Ndv1120405 Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm. | 9.3 |
| 2014-09-30 | CVE-2014-4728 | Resource Management Errors vulnerability in Tp-Link Tl-Wdr4300 and Tl-Wdr4300 Firmware The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. | 5.0 |
| 2014-09-30 | CVE-2014-4727 | Cross-Site Scripting vulnerability in Tp-Link Tl-Wdr4300 and Tl-Wdr4300 Firmware Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. | 4.3 |
| 2014-09-30 | CVE-2012-6316 | Cross-Site Scripting vulnerability in Tp-Link Tl-Wr841N and Tl-Wr841N Firmware Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | 4.3 |
| 2013-10-11 | CVE-2013-2581 | Permissions, Privileges, and Access Controls vulnerability in Tp-Link products cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action. | 7.8 |
| 2013-10-11 | CVE-2013-2580 | Unspecified vulnerability in Tp-Link products Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory. network tp-link | 7.1 |
| 2013-10-11 | CVE-2013-2579 | Credentials Management vulnerability in Tp-Link products TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 have an empty password for the hardcoded "qmik" account, which allows remote attackers to obtain administrative access via a TELNET session. | 10.0 |
| 2013-10-11 | CVE-2013-2578 | OS Command Injection vulnerability in Tp-Link products cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters. | 10.0 |