Vulnerabilities > TP Link > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-21 | CVE-2020-5797 | Link Following vulnerability in Tp-Link Archer C9 Firmware 180125: UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | 6.1 |
2020-11-18 | CVE-2020-28005 | Classic Buffer Overflow vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2: httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. | 6.5 |
2020-11-06 | CVE-2020-5795 | Link Following vulnerability in Tp-Link Archer A7 Firmware 200721: UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | 6.2 |
2020-08-07 | CVE-2020-15057 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-Ps310U Firmware: TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | 6.5 |
2020-08-07 | CVE-2020-15056 | Cross-site Scripting vulnerability in Tp-Link Tl-Ps310U Firmware: TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 4.3 |
2020-06-23 | CVE-2020-14965 | Cross-site Scripting vulnerability in Tp-Link Tl-Wr740N Firmware and Tl-Wr740Nd Firmware: On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. | 4.8 |
2020-05-04 | CVE-2020-12475 | Path Traversal vulnerability in Tp-Link Omada Controller 3.2.6: TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | 5.5 |
2020-04-01 | CVE-2020-11445 | Unspecified vulnerability in Tp-Link products: TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | 5.3 |
2020-01-27 | CVE-2019-19143 | Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wr849N Firmware 0.9.14.16: TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI. | 6.1 |
2019-05-24 | CVE-2019-12195 | Cross-site Scripting vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.13.16: TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. | 4.8 |