Vulnerabilities > TP Link > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-41540 | Use of Hard-coded Credentials vulnerability in Tp-Link Ax10 Firmware V1211117 The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. | 5.9 |
| 2022-10-18 | CVE-2022-42202 | Cross-site Scripting vulnerability in Tp-Link Tl-Wr841N Firmware 4.17.16Build120201Rel.54750N TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). | 6.1 |
| 2022-05-25 | CVE-2022-29402 | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wr840N Firmware TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. | 6.8 |
| 2022-02-08 | CVE-2021-44864 | Classic Buffer Overflow vulnerability in Tp-Link Wn886N Firmware 1.0.1 TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. | 6.5 |
| 2021-08-19 | CVE-2021-29280 | Exposure of Resource to Wrong Sphere vulnerability in Tp-Link Tl-Wr840N Firmware In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | 6.4 |
| 2021-08-11 | CVE-2021-38543 | Unspecified vulnerability in Tp-Link Ue330 Firmware 20210809 TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
| 2021-06-15 | CVE-2021-28858 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2 TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. | 5.5 |
| 2021-05-14 | CVE-2020-17891 | Cross-site Scripting vulnerability in Tp-Link Archer C1200 Firmware 1.13 TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code. | 6.1 |
| 2021-03-26 | CVE-2021-3275 | Cross-site Scripting vulnerability in Tp-Link products Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. | 6.1 |
| 2021-02-13 | CVE-2021-27210 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221 TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | 6.5 |