Vulnerabilities > TP Link
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-20 | CVE-2023-43135 | Missing Authorization vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | 9.8 |
2023-09-20 | CVE-2023-43137 | Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | 8.8 |
2023-09-20 | CVE-2023-43138 | Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | 8.8 |
2023-09-06 | CVE-2023-31188 | OS Command Injection vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | 8.0 |
2023-09-06 | CVE-2023-32619 | Use of Hard-coded Credentials vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | 8.8 |
2023-09-06 | CVE-2023-36489 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | 8.8 |
2023-09-06 | CVE-2023-37284 | Improper Authentication vulnerability in Tp-Link Archer C20 Firmware 150707 Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. | 8.8 |
2023-09-06 | CVE-2023-38563 | OS Command Injection vulnerability in Tp-Link Archer C1200 Firmware and Archer C9 Firmware Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | 8.8 |
2023-09-06 | CVE-2023-38568 | OS Command Injection vulnerability in Tp-Link Archer A10 Firmware 230504 Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | 8.8 |
2023-09-06 | CVE-2023-38588 | OS Command Injection vulnerability in Tp-Link Archer C3150 Firmware Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands. | 8.0 |