Vulnerabilities > TP Link > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-21 | CVE-2021-35003 | Stack-based Buffer Overflow vulnerability in Tp-Link Archer C90 Firmware 1.0.6 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. | 9.8 |
| 2022-01-21 | CVE-2021-35004 | Stack-based Buffer Overflow vulnerability in Tp-Link Tl-Wa1201 Firmware 1.0.1 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points. | 9.8 |
| 2021-11-13 | CVE-2021-41653 | Code Injection vulnerability in Tp-Link Tl-Wr840N Firmware The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | 9.8 |
| 2021-01-06 | CVE-2020-36178 | OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6Eu0.9.14.16 oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). | 9.8 |
| 2020-12-26 | CVE-2020-35575 | Unspecified vulnerability in Tp-Link products A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. | 9.8 |
| 2020-11-20 | CVE-2020-28877 | Classic Buffer Overflow vulnerability in Tp-Link products Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | 9.8 |
| 2020-11-08 | CVE-2020-28347 | OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726 tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. | 9.8 |
| 2020-05-04 | CVE-2020-12110 | Use of Hard-coded Credentials vulnerability in Tp-Link products Certain TP-Link devices have a Hardcoded Encryption Key. | 9.8 |
| 2020-03-25 | CVE-2020-10888 | Improper Authentication vulnerability in Tp-Link Ac1750 Firmware 190726 This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. | 9.8 |
| 2020-03-25 | CVE-2020-10887 | Unspecified vulnerability in Tp-Link Ac1750 Firmware 190726 This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. | 9.8 |