Vulnerabilities > TP Link > High

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2019-15060 OS Command Injection vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.1/0.9.1.4.16/0.9.13.16
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
network
low complexity
tp-link CWE-78
8.8
2019-08-14 CVE-2019-12104 Command Injection vulnerability in Tp-Link M7350 Firmware 1.0.16/151021/160330
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities.
network
low complexity
tp-link CWE-77
8.8
2019-06-20 CVE-2018-16119 Out-of-bounds Write vulnerability in Tp-Link Tl-Wr1043Nd Firmware 3.00
Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.
network
low complexity
tp-link CWE-787
7.2
2019-06-19 CVE-2019-6972 Inadequate Encryption Strength vulnerability in Tp-Link Tl-Wr1043Nd Firmware 2.0
An issue was discovered on TP-Link TL-WR1043ND V2 devices.
network
low complexity
tp-link CWE-326
7.5
2019-06-06 CVE-2019-6989 Out-of-bounds Write vulnerability in Tp-Link Tl-Wr940N Firmware and Tl-Wr941Nd Firmware
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function.
network
low complexity
tp-link CWE-787
8.8
2019-03-29 CVE-2018-15840 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-Wr840N Firmware
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.
network
low complexity
tp-link CWE-119
7.5
2019-01-18 CVE-2019-6487 OS Command Injection vulnerability in Tp-Link products
TP-Link WDR Series devices through firmware v3 (such as TL-WDR5620 V3.0) are affected by command injection (after login) leading to remote code execution, because shell metacharacters can be included in the weather get_weather_observe citycode field.
network
low complexity
tp-link CWE-78
8.8
2018-12-01 CVE-2018-3951 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-R600Vpn Firmware
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server.
network
low complexity
tp-link CWE-119
7.2
2018-12-01 CVE-2018-3950 Out-of-bounds Write vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server.
network
low complexity
tp-link CWE-787
8.8
2018-12-01 CVE-2018-3949 Path Traversal vulnerability in Tp-Link Tl-R600Vpn Firmware 1.2.3/1.3.0
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN.
network
low complexity
tp-link CWE-22
7.5