Vulnerabilities > TP Link > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-28 | CVE-2022-26642 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.1.4.16 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | 7.2 |
| 2022-03-10 | CVE-2021-44032 | Unspecified vulnerability in Tp-Link Omada Software Controller TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method specified in a connection request is allowed. | 7.5 |
| 2022-03-04 | CVE-2021-44827 | OS Command Injection vulnerability in Tp-Link Archer C20I Firmware There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. | 8.8 |
| 2022-02-25 | CVE-2022-25062 | Integer Overflow or Wraparound vulnerability in Tp-Link Tl-Wr840N Firmware 6.20180709 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. | 7.5 |
| 2022-02-18 | CVE-2022-24354 | Unspecified vulnerability in Tp-Link Ac1750 Firmware 190726/201029/201030 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. low complexity tp-link | 8.8 |
| 2022-02-18 | CVE-2022-24355 | Out-of-bounds Write vulnerability in Tp-Link Tl-Wr940N Firmware 3.20.1/62111113.20.1/63.19.1 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. | 8.8 |
| 2021-12-23 | CVE-2021-4144 | OS Command Injection vulnerability in Tp-Link Tl-Wr802N Firmware TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | 8.8 |
| 2021-12-17 | CVE-2021-41451 | HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508 A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. | 7.5 |
| 2021-12-08 | CVE-2021-41450 | HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 V1 Firmware 1.3.1/210809/211014 An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | 7.5 |
| 2021-12-07 | CVE-2021-40288 | Authentication Bypass by Spoofing vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508 A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames | 7.5 |