Vulnerabilities > TP Link > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-17 | CVE-2019-13613 | Out-of-bounds Write vulnerability in Tp-Link Archer C1200 Firmware 1.0.0 CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 (EU) and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server. | 7.5 |
| 2018-12-01 | CVE-2018-3951 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-R600Vpn Firmware An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. | 7.2 |
| 2018-12-01 | CVE-2018-3950 | Out-of-bounds Write vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0 An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. | 8.8 |
| 2018-12-01 | CVE-2018-3949 | Path Traversal vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0 An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. | 7.5 |
| 2018-11-30 | CVE-2018-3948 | Improper Input Validation vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0 An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. | 7.5 |
| 2018-07-02 | CVE-2018-12575 | Improper Authentication vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16 On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | 7.5 |
| 2018-06-23 | CVE-2018-12694 | Improper Input Validation vulnerability in Tp-Link Tl-Wa850Re Firmware TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | 7.8 |
| 2018-05-30 | CVE-2018-11482 | Use of Hard-coded Credentials vulnerability in Tp-Link products /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | 7.5 |
| 2017-12-20 | CVE-2017-17746 | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Sg108E Firmware 1.0.0 Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. | 7.7 |
| 2017-06-26 | CVE-2017-9466 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Tp-Link Wr841N V8 Firmware The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. | 7.5 |