Vulnerabilities > TP Link > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-09 CVE-2022-0162 Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Tl-Wr841N Firmware 3.16.9
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format.
network
low complexity
tp-link CWE-319
critical
9.8
2022-01-21 CVE-2021-35003 Unspecified vulnerability in Tp-Link Archer C90 Firmware 1.0.6
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers.
network
low complexity
tp-link
critical
9.8
2022-01-21 CVE-2021-35004 Unspecified vulnerability in Tp-Link Tl-Wa1201 Firmware 1.0.1
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link TL-WA1201 1.0.1 Build 20200709 rel.66244(5553) wireless access points.
network
low complexity
tp-link
critical
9.8
2021-11-13 CVE-2021-41653 Code Injection vulnerability in Tp-Link Tl-Wr840N Firmware
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
network
low complexity
tp-link CWE-94
critical
9.8
2021-01-06 CVE-2020-36178 OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 6Eu0.9.14.16
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables).
network
low complexity
tp-link CWE-78
critical
9.8
2020-12-26 CVE-2020-35575 Unspecified vulnerability in Tp-Link products
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel.
network
low complexity
tp-link
critical
9.8
2020-11-20 CVE-2020-28877 Classic Buffer Overflow vulnerability in Tp-Link products
Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.
network
low complexity
tp-link CWE-120
critical
9.8
2020-11-08 CVE-2020-28347 OS Command Injection vulnerability in Tp-Link Ac1750 Firmware 190726
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter.
network
low complexity
tp-link CWE-78
critical
9.8
2020-05-04 CVE-2020-12110 Use of Hard-coded Credentials vulnerability in Tp-Link products
Certain TP-Link devices have a Hardcoded Encryption Key.
network
low complexity
tp-link CWE-798
critical
9.8
2020-03-25 CVE-2020-10888 Improper Authentication vulnerability in Tp-Link Ac1750 Firmware 190726
This vulnerability allows remote attackers to bypass authentication on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers.
network
low complexity
tp-link CWE-287
critical
9.8