Lucene search
K

4699 matches found

CVE
CVE
added 9 hours ago9 views

CVE-2026-13230

The CVE-2026-13230 entry concerns TP-Link Kasa EC70 v4 and EC71 v4. The issue lies in the local discovery mechanism, where geolocation-related data can be retrieved without authentication. Affects confidentiality only; no evidence of integrity or availability impact is reported. Exploitation cont...

5.3CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 9 hours ago7 views

EUVD-2026-44577

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS6.1AI score
Exploits0References5
CVE
CVE
added 9 hours ago11 views

CVE-2026-9770

Affected products: TP-Link Kasa EC70 v4 and EC71 v4 firmware. Issue: a static cryptographic private key is stored in a read-only filesystem shared across devices, allowing extraction from the firmware image. Impact: an unauthenticated attacker on the same network could use the embedded key in the...

8.6CVSS6.1AI score
Exploits0References5
Nuclei
Nuclei
added yesterday23 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.2AI score0.00875EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago89 views

TP-LINK - Local File Inclusion

TP-LINK is susceptible to local file inclusion in these products: Archer C5 1.2 with firmware before 150317, Archer C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N...

7.8CVSS7AI score0.83772EPSS
Exploits5References5
Nuclei
Nuclei
added 2 days ago67 views

TP-Link - OS Command Injection

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...

10CVSS7.5AI score0.75883EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago53 views

TP-Link TL-WR840N - Command Injection

The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...

9.8CVSS7AI score0.66934EPSS
Exploits1References5
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.81 views

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

8.8CVSS7.8AI score0.99999EPSS
Exploits7References3
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.157 views

TP-Link Archer C20 - Authentication Bypass

A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass authentication on interfaces under the /cgi directory. When adding a Referer header with value "http://tplinkwifi.net" to requests, the router will recognize th...

7.6AI score0.03211EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 8:34 p.m.36 views

CVE-2026-10562 Unauthenticated Open Redirect Vulnerability on TP-Link Archer AX20 Web Interface

An unauthenticated URL redirection vulnerability has been identified in Archer AX20 V2 due to improper validation of user-supplied URL input within the web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences. When processed by the embedded web...

5.9CVSS0.00296EPSS
Exploits0References2
CNVD
CNVD
added 2026/06/30 12:0 a.m.5 views

TP-Link TL-WR841N Web interface stack buffer overflow vulnerability

The TP-Link TL-WR841N v14 is a wireless router produced by the Chinese company TP-Link. The TP-Link TL-WR841N v14 has a stack buffer overflow vulnerability in its web interface. This vulnerability arises from improper handling of specially crafted HTTP requests, leading to a buffer overflow...

6.8CVSS6.4AI score0.00554EPSS
Exploits0
NVD
NVD
added 2026/06/29 4:16 p.m.8 views

CVE-2026-9105

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...

6.8CVSS0.00554EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 4:5 p.m.8 views

EUVD-2026-40136

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...

6.8CVSS6.2AI score0.00554EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 4:5 p.m.19 views

CVE-2026-9105

CVE-2026-9105 affects the web management interface of the TP-Link TL-WR841N (v14). An authenticated attacker can trigger a stack-based buffer overflow in the embedded web server by sending crafted HTTP requests, leading to a crash and a denial-of-service condition with automatic reboot. The vulne...

6.8CVSS6.2AI score0.00554EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:5 p.m.7 views

CVE-2026-9105

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process...

6.8CVSS6.2AI score0.00554EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53315

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR841N version v14 Description An authenticated stack-based buffer overflow occurs in the web management interface. A remote authenticated attacker can send crafted HTTP requests to the embedded web server, causing a stack buffer to...

6.8CVSS6.3AI score0.00554EPSS
Exploits0References7
NVD
NVD
added 2026/06/22 7:16 p.m.13 views

CVE-2026-11834

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS0.00409EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/22 5:53 p.m.9 views

EUVD-2026-38339

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:53 p.m.4 views

CVE-2026-11834

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/06/22 5:53 p.m.7 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References8
Rows per page
Query Builder