Vulnerabilities > TP Link > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-25 CVE-2022-25062 Integer Overflow or Wraparound vulnerability in Tp-Link Tl-Wr840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString.
network
low complexity
tp-link CWE-190
7.5
2022-02-18 CVE-2022-24354 Unspecified vulnerability in Tp-Link Ac1750 Firmware 190726/201029/201030
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers.
low complexity
tp-link
8.8
2022-02-18 CVE-2022-24355 Out-of-bounds Write vulnerability in Tp-Link Tl-Wr940N Firmware 3.20.1/62111113.20.1/63.19.1
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers.
low complexity
tp-link CWE-787
8.8
2021-12-23 CVE-2021-4144 OS Command Injection vulnerability in Tp-Link Tl-Wr802N Firmware
TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.
network
low complexity
tp-link CWE-78
8.8
2021-12-17 CVE-2021-41451 HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508
A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.
network
low complexity
tp-link CWE-444
7.5
2021-12-08 CVE-2021-41450 HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 V1 Firmware 1.3.1/210809/211014
An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet.
network
low complexity
tp-link CWE-444
7.5
2021-12-07 CVE-2021-40288 Authentication Bypass by Spoofing vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames
network
low complexity
tp-link CWE-290
7.5
2021-06-15 CVE-2021-28857 Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2
TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.
network
low complexity
tp-link CWE-522
7.5
2021-06-10 CVE-2021-31658 Improper Validation of Array Index vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware
TP-Link TL-SG2005, TL-SG2008, etc.
network
low complexity
tp-link CWE-129
8.1
2021-06-10 CVE-2021-31659 Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware
TP-Link TL-SG2005, TL-SG2008, etc.
network
low complexity
tp-link CWE-352
8.8