PT-2026-48516

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens...

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

The Russia-linked threat actor known as APT28 aka Forest Blizzard has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espionage campaign since at...

Exploit for CVE-2022-30075

TP-L-NK-SIZMA-EXPLO-T TP-Link Router Authenticated RCE Exploit...

CVE-2026-3227

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file...

EUVD-2026-14736

A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1. Affected is the function handlerupdatesystemtime of the file libdeuteronmodules.so of the component NTP Service. The manipulation results in os command injection. The attack may be launched remotely. This vulnerability only...

EUVD-2026-12171

A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file...

TP-LINK多款产品 安全漏洞

TP-LINK TL-WR802N, etc., are products of the TP-LINK company from China. The TP-LINK TL-WR802N is a wireless router. The TP-LINK TL-WR840N is also a wireless router. The TP-LINK TL-WR841N is another product of TP-LINK. Several TP-LINK products have security vulnerabilities; these vulnerabilities...

CVE-2026-2054

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

EUVD-2026-5662

A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made...

D-Link DIR-605L和D-Link DIR-619L 访问控制错误漏洞

The D-Link DIR-605L and D-Link DIR-619L are wireless routers produced by the Chinese company D-Link. The D-Link DIR-605L versions 2.06B01/2.13B01 and DIR-619L versions 2.06B01/2.13B01 have a vulnerability related to access control. This vulnerability stems from incorrect operations on the DHCP...

D-Link DIR-605L和D-Link DIR-619L 访问控制错误漏洞

The D-Link DIR-605L and D-Link DIR-619L are wireless routers produced by the Chinese company D-Link. The D-Link DIR-605L versions 2.06B01/2.13B01 and DIR-619L versions 2.06B01/2.13B01 have a vulnerability related to access control. This vulnerability stems from incorrect operations on the...

CVE-2025-15551

The CVE-2025-15551 affects TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4. The issue is that the device response is processed by a JavaScript function like eval without validation, enabling a MitM attacker to execute arbitrary JavaScript in the router’s admin web portal. This i...

CVE-2025-15551 LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle MitM attack to execute JavaScript...

EUVD-2025-206826

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle MitM attack to execute JavaScript code o...

CVE-2013-7471

An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, NewExternalPort, or NewInternalPort elemen...

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 CVSS score: 9.3, concerns a case of command injection in the "dnscfg.cgi" endpoint that arises as a result of improper...

CVE-2025-14659 D-Link DIR-860LB1/DIR-868LB1 DHCP command injection

A vulnerability was detected in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of the component DHCP Daemon. The manipulation of the argument Hostname results in command injection. It is possible to launch the attack remotely. The exploit is now public and may be...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-37055link is external D-Link Routers Buffer Overflow Vulnerability CVE-2025-66644link is external Array Networks ArrayOS AG OS Command Injection...

D-Link Routers Buffer Overflow Vulnerability

D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...