Vulnerabilities > TP Link > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-13 | CVE-2025-25897 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-25898 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. | 7.5 |
| 2025-02-13 | CVE-2025-25901 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr841Nd Firmware A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. | 7.5 |
| 2024-12-08 | CVE-2024-12343 | Classic Buffer Overflow vulnerability in Tp-Link Vn020 F3V Firmware 6.2.1021 A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. | 8.8 |
| 2024-11-01 | CVE-2024-22733 | NULL Pointer Dereference vulnerability in Tp-Link Mr200 Firmware 210201 TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker. | 7.5 |
| 2024-03-06 | CVE-2023-43318 | Unspecified vulnerability in Tp-Link Tl-Sg2210P Firmware 5.0 TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests. | 8.8 |
| 2024-01-11 | CVE-2024-21773 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings. | 8.8 |
| 2024-01-11 | CVE-2024-21821 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. | 8.0 |
| 2024-01-11 | CVE-2024-21833 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. | 8.8 |
| 2024-01-09 | CVE-2023-27098 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Tapo TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | 7.5 |