Vulnerabilities > TP Link > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-10 | CVE-2021-31658 | Improper Validation of Array Index vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware TP-Link TL-SG2005, TL-SG2008, etc. | 5.8 |
| 2021-06-10 | CVE-2021-31659 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Sg2005 Firmware and Tl-Sg2008 Firmware TP-Link TL-SG2005, TL-SG2008, etc. | 6.8 |
| 2021-05-14 | CVE-2020-17891 | Cross-site Scripting vulnerability in Tp-Link Archer C1200 Firmware 1.13 TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code. | 4.3 |
| 2021-03-26 | CVE-2021-3275 | Cross-site Scripting vulnerability in Tp-Link products Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. | 4.3 |
| 2021-02-13 | CVE-2021-27210 | Cleartext Storage of Sensitive Information vulnerability in Tp-Link Archer C5V Firmware 1.7181221 TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI. | 4.0 |
| 2020-08-07 | CVE-2020-15057 | Improper Input Validation vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | 6.1 |
| 2020-05-07 | CVE-2020-10916 | Improper Authentication vulnerability in Tp-Link Tl-Wa855Re Firmware 190408/191213 This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Firmware Ver: 855rev4-up-ver1-0-1-P1[20191213-rel60361] Wi-Fi extenders. | 5.2 |
| 2020-05-04 | CVE-2020-12110 | Use of Hard-coded Credentials vulnerability in Tp-Link products Certain TP-Link devices have a Hardcoded Encryption Key. | 5.0 |
| 2020-04-01 | CVE-2020-10231 | NULL Pointer Dereference vulnerability in Tp-Link products TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference. | 5.0 |
| 2020-04-01 | CVE-2020-11445 | Improper Authentication vulnerability in Tp-Link products TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | 5.0 |