Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

81 matches found

Nuclei
Nucleiadded 3 days ago48 views

TP-LINK - Local File Inclusion

TP-LINK is susceptible to local file inclusion in these products: Archer C5 1.2 with firmware before 150317, Archer C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N...

7.8CVSS7.4AI score0.92856EPSS
Exploits5References5
RedhatCVE
RedhatCVEadded 2026/04/17 1:22 a.m.0 views

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

8.8CVSS5.8AI score0.00004EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/16 12:54 a.m.1 views

EUVD-2026-23137

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS5.8AI score0.00004EPSS
Exploits0References2
NVD
NVDadded 2026/04/16 12:16 a.m.0 views

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

8.8CVSS0.00004EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/16 12:0 a.m.4 views

TP-Link Archer C7 安全漏洞

The TP-Link Archer C7 is a router produced by the TP-Link company. The TP-Link Archer C7 Build 20220715 and earlier versions have security vulnerabilities. These vulnerabilities stem from insufficient encryption strength, which may allow password recovery attacks to occur...

8.8CVSS5.8AI score0.00004EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/15 11:45 p.m.1 views

CVE-2026-5363 Use of weak cryptographic key in TP-Link Archer C7

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS5.8AI score0.00004EPSS
Exploits0References1
CVE
CVEadded 2026/04/15 11:45 p.m.6 views

CVE-2026-5363

TP-Link Archer C7 v5/v5.8 (uhttpd) is affected by CVE-2026-5363 due to inadequate encryption strength: the admin password is encrypted client-side with RSA-1024 before login, allowing an adjacent attacker to brute-force or factor the 1024-bit key and recover plaintext credentials, leading to unau...

8.8CVSS5.8AI score0.00004EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/15 11:45 p.m.1 views

CVE-2026-5363

Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 uhttpd modules allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using RSA-1024 before sending it to the router during login. An adjacent attacker with the ability to...

6CVSS5.8AI score0.00004EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/15 12:0 a.m.3 views

PT-2026-33186

Name of the Vulnerable Software and Affected Versions TP-Link Archer C7 versions v5 and v5.8 through Build 20220715 Description Inadequate encryption strength in the uhttpd modules allows for password recovery exploitation. The web interface encrypts the admin password client-side using RSA-1024...

8.8CVSS5.8AI score0.00004EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/01/09 10:18 a.m.5 views

CVE-2019-18992

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" this can occur, for example, on a TP-Link Archer C7 device...

5.4CVSS5.9AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 10:17 a.m.5 views

CVE-2019-18993

OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI this can occur, for example, on a TP-Link Archer C7 device...

5.4CVSS6AI score0.00281EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2019-8646

Malware in sbrugna...

5.4CVSS5.6AI score0.00281EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2019-8647

Malware in sbrugna...

5.4CVSS5.6AI score0.00281EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-52014

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00151EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-42958

Malicious code in bioql PyPI...

8CVSS7.8AI score0.00087EPSS
Exploits0References2
Malwarebytes
Malwarebytesadded 2025/09/04 10:50 a.m.6 views

TP-Link warns of botnet infecting routers and targeting Microsoft 365 accounts

TP-Link has issued a warning about a botnet exploiting two vulnerabilities to infect small office/home SOHO routers, which are then weaponized to attack Microsoft 365 accounts. The vulnerabilities affect the Archer C7 and TL-WR841N/ND routers, though other models may also be at risk. Despite the...

8.6CVSS7.5AI score0.26907EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalogadded 2025/09/03 12:0 a.m.15 views

TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability

TP-Link Archer C7EU and TL-WR841N/NDMS contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

8.6CVSS7.7AI score0.26907EPSS
In wildExploits0
RedhatCVE
RedhatCVEadded 2025/08/31 6:11 p.m.2 views

CVE-2025-9377

The authenticated remote command execution RCE vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL end-of-life. It's...

8.6CVSS7.2AI score0.26907EPSS
Exploits0References1
OSV
OSVadded 2025/08/29 6:15 p.m.0 views

CVE-2025-9377

The authenticated remote command execution RCE vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL end-of-life. It's...

7.2CVSS6AI score0.26907EPSS
Exploits0References3
EUVD
EUVDadded 2025/08/29 5:30 p.m.3 views

EUVD-2025-26234

The authenticated remote command execution RCE vulnerability exists in the Parental Control page on TP-Link Archer C7EU V2 and TL-WR841N/NDMS V9. This issue affects Archer C7EU V2: before 241108 and TL-WR841N/NDMS V9: before 241108. Both products have reached the status of EOL end-of-life. It's...

8.6CVSS6.6AI score0.26907EPSS
Exploits0References2
Rows per page
Query Builder