Vulnerabilities > TP Link > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-06 | CVE-2016-1000009 | 7PK - Security Features vulnerability in Tp-Link TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. | 5.0 |
| 2015-01-09 | CVE-2014-9510 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wr840N Firmware 3.13.27 Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | 6.8 |
| 2014-12-08 | CVE-2014-9350 | Data Processing Errors vulnerability in Tp-Link Tl-Wr740N and Tl-Wr740N Firmware TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm. | 5.0 |
| 2014-09-30 | CVE-2014-4728 | Resource Management Errors vulnerability in Tp-Link Tl-Wdr4300 and Tl-Wdr4300 Firmware The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. | 5.0 |
| 2014-09-30 | CVE-2014-4727 | Cross-Site Scripting vulnerability in Tp-Link Tl-Wdr4300 and Tl-Wdr4300 Firmware Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. | 4.3 |
| 2014-09-30 | CVE-2012-6316 | Cross-Site Scripting vulnerability in Tp-Link Tl-Wr841N and Tl-Wr841N Firmware Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | 4.3 |
| 2013-01-26 | CVE-2012-6276 | Path Traversal vulnerability in Tp-Link Tl-Wr841N and Tl-Wr841N Firmware Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. | 4.3 |