Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tp-link vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2017-8219
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
Tp-link C2 Firmware
Tp-link C20i Firmware
9.9
CVSSv3
CVE-2017-8220
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.
Tp-link C2 Firmware
Tp-link C20i Firmware
1 Github repository
8
CVSSv3
CVE-2023-31188
Multiple TP-LINK products allow a network-adjacent authenticated malicious user to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Arc...
Tp-link Archer C55 Firmware
Tp-link Archer C50 V3 Firmware
8.8
CVSSv3
CVE-2023-38563
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated malicious user to execute arbitrary OS commands.
Tp-link Archer C1200 Firmware
Tp-link Archer C9 Firmware
8.8
CVSSv3
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
9.8
CVSSv3
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
7.8
CVSSv3
CVE-2022-26987
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.
Tp-link Tl-wdr7660 Firmware 2.0.30
Tp-link Tl-wdr7661 Firmware -
Tp-link Tl-wdr7620 Firmware -
Tp-link Tl-wdr5660 Firmware -
Mercusys Mercury D196g Firmware 20200109 2.0.4
Fastcom Fac1900r Firmware 20190827 2.0.2
7.8
CVSSv3
CVE-2022-26988
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function. Local users could get remote code execution.
Tp-link Tl-wdr7660 Firmware 2.0.30
Tp-link Tl-wdr7661 Firmware -
Tp-link Tl-wdr7620 Firmware -
Tp-link Tl-wdr5660 Firmware -
Mercusys Mercury D196g Firmware 20200109 2.0.4
Fastcom Fac1900r Firmware 20190827 2.0.2
NA
CVE-2012-5687
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.
Tp-link Tl-wr841n -
Tp-link Tl-wr841n Firmware
1 EDB exploit
NA
CVE-2014-4727
Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware prior to 140916 allows remote malicious users to inject arbitrary web script or HTML via the hostname in a DHCP request.
Tp-link Tl-wdr4300 Firmware
Tp-link Tl-wdr4300 -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »