Vulnerabilities > TP Link > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-14 CVE-2021-27246 Unspecified vulnerability in Tp-Link Ac1750 Firmware 1.0.15
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers.
low complexity
tp-link
8.0
2021-04-14 CVE-2021-26827 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr2041+ Firmware
Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router.
network
low complexity
tp-link CWE-120
7.5
2021-04-12 CVE-2021-3125 Excessive Iteration vulnerability in Tp-Link products
In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router.
network
low complexity
tp-link CWE-834
7.5
2021-04-12 CVE-2021-29302 Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr802N Firmware
TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message.
network
high complexity
tp-link CWE-120
8.1
2021-03-29 CVE-2021-27245 Unspecified vulnerability in Tp-Link Archer A7 Firmware 200721/210519
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers.
network
high complexity
tp-link
8.1
2021-02-13 CVE-2021-27209 Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221
In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP.
local
low complexity
tp-link CWE-319
7.1
2021-01-26 CVE-2020-35576 OS Command Injection vulnerability in Tp-Link Tl-Wr841N Firmware
A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.
network
low complexity
tp-link CWE-78
8.8
2020-11-18 CVE-2020-24297 OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2
httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline.
network
low complexity
tp-link CWE-78
8.8
2020-08-31 CVE-2020-24363 Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wa855Re Firmware 20200415
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot.
low complexity
tp-link CWE-306
8.8
2020-08-07 CVE-2020-15055 Improper Authentication vulnerability in Tp-Link Tl-Ps310U Firmware
TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
low complexity
tp-link CWE-287
8.8