High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-18	CVE-2020-24297	OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. network low complexity tp-link CWE-78	8.8
2020-08-31	CVE-2020-24363	Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wa855Re Firmware 20200415 TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. low complexity tp-link CWE-306	8.8
2020-08-07	CVE-2020-15055	Improper Authentication vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. low complexity tp-link CWE-287	8.8
2020-08-07	CVE-2020-15054	Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. low complexity tp-link CWE-522	8.8
2020-06-17	CVE-2020-13224	Classic Buffer Overflow vulnerability in Tp-Link products TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow network low complexity tp-link CWE-120	8.8
2020-06-08	CVE-2020-12695	Incorrect Default Permissions vulnerability in multiple products The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. network high complexity ui w1-fi asus broadcom canon cisco dlink dell epson hp huawei nec netgear ruckussecurity tp-link zte zyxel microsoft fedoraproject debian canonical CWE-276	7.5
2020-05-07	CVE-2020-10916	Improper Authentication vulnerability in Tp-Link Tl-Wa855Re Firmware 190408/191213 This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. low complexity tp-link CWE-287	8.0
2020-05-04	CVE-2020-12109	OS Command Injection vulnerability in Tp-Link products Certain TP-Link devices allow Command Injection. network low complexity tp-link CWE-78	8.8
2020-05-04	CVE-2020-12111	OS Command Injection vulnerability in Tp-Link Nc260 Firmware and Nc450 Firmware Certain TP-Link devices allow Command Injection. network low complexity tp-link CWE-78	8.8
2020-04-02	CVE-2020-8423	Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr841N Firmware 3.16.9 A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. network low complexity tp-link CWE-120	7.2