Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tp-link vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-8218
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.
Tp-link C2 Firmware
Tp-link C20i Firmware
6.5
CVSSv3
CVE-2017-8219
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
Tp-link C2 Firmware
Tp-link C20i Firmware
9.9
CVSSv3
CVE-2017-8220
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
Tp-link C2 Firmware
Tp-link C20i Firmware
1 Github repository
8.8
CVSSv3
CVE-2019-13268
TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. They forward ARP requests, which are sent as broadcast packets, between the host and the guest networks. To ...
Tp-link Archer C3200 V1 Firmware -
Tp-link Archer C2 V1 Firmware -
8.8
CVSSv3
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
9.8
CVSSv3
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
7.8
CVSSv3
CVE-2022-26987
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.
Tp-link Tl-wdr7660 Firmware 2.0.30
Tp-link Tl-wdr7661 Firmware -
Tp-link Tl-wdr7620 Firmware -
Tp-link Tl-wdr5660 Firmware -
Mercusys Mercury D196g Firmware 20200109 2.0.4
Fastcom Fac1900r Firmware 20190827 2.0.2
7.8
CVSSv3
CVE-2022-26988
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.
Tp-link Tl-wdr7660 Firmware 2.0.30
Tp-link Tl-wdr7661 Firmware -
Tp-link Tl-wdr7620 Firmware -
Tp-link Tl-wdr5660 Firmware -
Mercusys Mercury D196g Firmware 20200109 2.0.4
Fastcom Fac1900r Firmware 20190827 2.0.2
6.5
CVSSv3
CVE-2023-38906
An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote malicious user to obtain sensitive information via the authentication code for the UDP message.
Tp-link Tapo 2.8.14
Tp-link Tapo L530e Firmware 1.0.0
7.5
CVSSv3
CVE-2023-38907
An issue in TPLink Smart Bulb Tapo series L530 prior to 1.2.4, L510E prior to 1.1.0, L630 prior to 1.0.4, P100 prior to 1.5.0, and Tapo Application 2.8.14 allows a remote malicious user to replay old messages encrypted with a still valid session key.
Tp-link Tapo L530e Firmware 1.0.0
Tp-link Tapo 2.8.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »