Vulnerabilities > TP Link > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2024-21821 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | 8.0 |
| 2024-01-11 | CVE-2024-21833 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. | 8.8 |
| 2024-01-09 | CVE-2023-27098 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Tapo TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | 7.5 |
| 2023-10-10 | CVE-2023-42189 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. | 7.5 |
| 2023-09-25 | CVE-2023-38907 | Unspecified vulnerability in Tp-Link Tapo and Tapo L530E Firmware An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages encrypted with a still valid session key. | 7.5 |
| 2023-09-20 | CVE-2023-43137 | Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | 8.8 |
| 2023-09-20 | CVE-2023-43138 | Command Injection vulnerability in Tp-Link Tl-Er5120G Firmware 2.0.0 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | 8.8 |
| 2023-09-06 | CVE-2023-31188 | OS Command Injection vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | 8.0 |
| 2023-09-06 | CVE-2023-32619 | Use of Hard-coded Credentials vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. | 8.8 |
| 2023-09-06 | CVE-2023-36489 | OS Command Injection vulnerability in Tp-Link products Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. | 8.8 |