CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

CVE-2026-5509

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

CVE-2026-5509

The CVE-2026-5509 entry describes an authenticated command-injection flaw in TP-Link Archer BE450 v1 and BE7200 v1 routers. After logging into the admin web interface, an attacker can inject crafted input via the browser’s developer console that is passed to backend system commands without suffic...

EUVD-2026-32611

An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...

CVE-2026-5511

In the web management interface of Archer AX72 SG v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. An authenticated attacker with administrative privileges could exploit this issue to confirm the...

CVE-2026-30818

An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker...

EUVD-2026-20544

An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...

CVE-2025-62673

The CVE-2025-62673 issue affects TP-Link Archer AX53 v1.0 through 1.3.1 Build 20241120, with a heap-based buffer overflow in the tdpserver modules that can be triggered by a crafted network packet from a nearby attacker, potentially causing a segmentation fault or arbitrary code execution. The Re...

CVE-2025-62405

TP-Link Archer AX53 v1.0–1.3.1 Build 20241120 contains a heap‑based buffer overflow in the tmpserver modules. An authenticated adjacent attacker can trigger a segmentation fault or potentially execute arbitrary code by sending a specially crafted network packet with a field longer than expected. ...

CVE-2026-22227 Command Injection Vulnerability on TP-Link Archer BE230 v1.2

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

EUVD-2026-5091

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity,...

Archer MR600 vulnerable to OS command injection

Overview Archer MR600 provided by TP-Link Systems Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-14756 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be execute...

CVE-2025-14756

Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or...

EUVD-2019-5048

Malware in sbrugna...

CVE-2024-53375

An Authenticated Remote Code Execution RCE vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmpgetsites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionali...

Tp-link TP-Link Archer C9 安全漏洞

Tp-link TP-Link Archer C9 is a wireless router from Tp-link.A security vulnerability exists in the TP-Link Archer C90, which stems from a flaw in the handling of DNS responses. An attacker could exploit the vulnerability to execute arbitrary code on an affected TP-Link Archer C90 router...

TP-Link Archer Code Execution Vulnerability

The TP-Link Archer A7 AC1750 is a wireless router from China P&L TP-Link. A security vulnerability exists in the tdpServer service in the TP-Link Archer A7 using firmware version 190726 AC1750, which stems from the program's use of hard-coded encryption keys. An attacker could exploit the...

CVE-2019-13613

Technical details about CVE-2019-13613 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

CVE-2019-13613

CMDFTESTCONFIG in the TP-Link Device Debug protocol in TP-Link Wireless Router Archer Router version 1.0.0 Build 20180502 rel.45702 EU and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload ...