Vulnerabilities > TP Link > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-07 CVE-2020-15054 Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Ps310U Firmware
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
low complexity
tp-link CWE-522
8.8
2020-06-17 CVE-2020-13224 Classic Buffer Overflow vulnerability in Tp-Link products
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow
network
low complexity
tp-link CWE-120
8.8
2020-06-08 CVE-2020-12695 Incorrect Default Permissions vulnerability in multiple products
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
7.5
2020-05-07 CVE-2020-10916 Improper Authentication vulnerability in Tp-Link Tl-Wa855Re Firmware 190408/191213
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders.
low complexity
tp-link CWE-287
8.0
2020-05-04 CVE-2020-12109 OS Command Injection vulnerability in Tp-Link products
Certain TP-Link devices allow Command Injection.
network
low complexity
tp-link CWE-78
8.8
2020-05-04 CVE-2020-12111 OS Command Injection vulnerability in Tp-Link Nc260 Firmware and Nc450 Firmware
Certain TP-Link devices allow Command Injection.
network
low complexity
tp-link CWE-78
8.8
2020-04-02 CVE-2020-8423 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr841N Firmware 3.16.9
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.
network
low complexity
tp-link CWE-120
7.2
2020-04-01 CVE-2020-10231 NULL Pointer Dereference vulnerability in Tp-Link products
TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.
network
low complexity
tp-link CWE-476
7.5
2020-03-25 CVE-2020-10884 Use of Hard-coded Credentials vulnerability in Tp-Link Ac1750 Firmware 190726
This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers.
low complexity
tp-link CWE-798
8.8
2020-03-25 CVE-2020-10883 Incorrect Permission Assignment for Critical Resource vulnerability in Tp-Link Ac1750 Firmware 190726
This vulnerability allows local attackers to escalate privileges on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers.
local
low complexity
tp-link CWE-732
7.8