Vulnerabilities > TP Link > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-15 | CVE-2021-28858 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. | 2.1 |
| 2021-02-13 | CVE-2021-27209 | Cleartext Transmission of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221 In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base64 format over cleartext HTTP. | 3.6 |
| 2020-11-21 | CVE-2020-5797 | Link Following vulnerability in Tp-Link Archer C9 Firmware 180125 UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | 3.6 |
| 2020-11-18 | CVE-2020-28005 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wpa4220 Firmware httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. | 3.5 |
| 2020-08-07 | CVE-2020-15054 | Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 3.3 |
| 2020-08-07 | CVE-2020-15056 | Cross-site Scripting vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2.3 |
| 2020-06-23 | CVE-2020-14965 | Injection vulnerability in Tp-Link Tl-Wr740N Firmware and Tl-Wr740Nd Firmware On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. | 3.5 |
| 2020-05-04 | CVE-2020-12475 | Path Traversal vulnerability in Tp-Link Omada Controller 3.2.6 TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | 2.1 |
| 2019-05-24 | CVE-2019-12195 | Cross-site Scripting vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.13.16 TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. | 3.5 |
| 2018-12-23 | CVE-2018-20372 | Cross-site Scripting vulnerability in Tp-Link Td-W8961Nd Firmware 1.0.1 TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | 3.5 |