Vulnerabilities > TP Link

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-43135 Missing Authorization vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
network
low complexity
tp-link CWE-862
critical
9.8
2023-09-20 CVE-2023-43137 Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.
network
low complexity
tp-link CWE-77
8.8
2023-09-20 CVE-2023-43138 Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.
network
low complexity
tp-link CWE-77
8.8
2023-09-06 CVE-2023-31188 OS Command Injection vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0
2023-09-06 CVE-2023-32619 Use of Hard-coded Credentials vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware
Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command.
low complexity
tp-link CWE-798
8.8
2023-09-06 CVE-2023-36489 OS Command Injection vulnerability in Tp-Link products
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.8
2023-09-06 CVE-2023-37284 Improper Authentication vulnerability in Tp-Link Archer C20 Firmware 150707
Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication.
low complexity
tp-link CWE-287
8.8
2023-09-06 CVE-2023-38563 OS Command Injection vulnerability in Tp-Link Archer C1200 Firmware and Archer C9 Firmware
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.8
2023-09-06 CVE-2023-38568 OS Command Injection vulnerability in Tp-Link Archer A10 Firmware 230504
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.8
2023-09-06 CVE-2023-38588 OS Command Injection vulnerability in Tp-Link Archer C3150 Firmware
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0