Vulnerabilities > TP Link > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-23 | CVE-2021-4144 | OS Command Injection vulnerability in Tp-Link Tl-Wr802N Firmware TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | 8.8 |
| 2021-12-17 | CVE-2021-41451 | HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508 A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. | 7.5 |
| 2021-12-08 | CVE-2021-41450 | HTTP Request Smuggling vulnerability in Tp-Link Archer Ax10 V1 Firmware 1.3.1/210809/211014 An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | 7.5 |
| 2021-12-07 | CVE-2021-40288 | Authentication Bypass by Spoofing vulnerability in Tp-Link Archer Ax10 Firmware 230220/230508 A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames | 7.5 |
| 2021-06-15 | CVE-2021-28857 | Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie. | 7.5 |
| 2021-06-10 | CVE-2021-31658 | Improper Validation of Array Index vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware TP-Link TL-SG2005, TL-SG2008, etc. | 8.1 |
| 2021-06-10 | CVE-2021-31659 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware TP-Link TL-SG2005, TL-SG2008, etc. | 8.8 |
| 2021-04-14 | CVE-2021-27246 | Stack-based Buffer Overflow vulnerability in Tp-Link Ac1750 Firmware 1.0.15 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. | 8.0 |
| 2021-04-14 | CVE-2021-26827 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr2041+ Firmware Buffer Overflow in TP-Link WR2041 v1 firmware for the TL-WR2041+ router allows remote attackers to cause a Denial-of-Service (DoS) by sending an HTTP request with a very long "ssid" parameter to the "/userRpm/popupSiteSurveyRpm.html" webpage, which crashes the router. | 7.5 |
| 2021-04-12 | CVE-2021-3125 | Excessive Iteration vulnerability in Tp-Link products In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6060 Turbo < 1.1.8, TL-XDR5430 < 1.0.11, and possibly others, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. | 7.5 |