6284 matches found
CVE-2025-62673
The CVE-2025-62673 issue affects TP-Link Archer AX53 v1.0 through 1.3.1 Build 20241120, with a heap-based buffer overflow in the tdpserver modules that can be triggered by a crafted network packet from a nearby attacker, potentially causing a segmentation fault or arbitrary code execution. The Re...
EUVD-2025-206674
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle MITM attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53...
CVE-2025-61983
TP-Link Archer AX53 (v1.0 through 1.3.1 Build 20241120) has a heap-based buffer overflow in the tmpserver modules. An authenticated adjacent attacker can trigger a segmentation fault or potentially execute arbitrary code by sending a crafted network packet containing an excessive number of fields...
CVE-2025-61944
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length...
CVE-2025-59487
TP-Link Archer AX53, v1.0–1.3.1 Build 20241120, contains a heap-based buffer overflow in the tmpserver modules. The root cause is improper validation of a packet field offset used to select the memory write location, allowing authenticated adjacent attackers to trigger segmentation faults or pote...
Compressing Vulnerable to Arbitrary File Write via Symlink Extraction
Arbitrary File Write via Symlink Extraction in github.com/node-modules/compressing Brief Introduction The compressing npm package extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended extraction directory, an...
MAL-2026-664 Malicious code in transform-es2015-modules-amd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f874dbbcc1f45c4afb0b3b6eba5bab0a03a8f0f2749b4ad737ce8562bbd1f3b The package transform-es2015-modules-amd was found to contain malicious code. Source: ghsa-malware...
Malicious code in transform-es2015-modules-amd (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f874dbbcc1f45c4afb0b3b6eba5bab0a03a8f0f2749b4ad737ce8562bbd1f3b The package transform-es2015-modules-amd was found to contain malicious code. Source: ghsa-malware...
PT-2026-5924
Name of the Vulnerable Software and Affected Versions TP-Link Archer AX53 versions 1.0 through 1.3.1 Build 20241120 Description A heap-based buffer overflow exists in the tmpserver modules of TP-Link Archer AX53. This flaw allows authenticated attackers in an adjacent network to trigger a...
CVE-2026-22222
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-22223 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...
CVE-2026-22223 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity...
CVE-2026-22222 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
EUVD-2026-5097
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-22222
CVE-2026-22222 is an OS Command Injection in TP-Link Archer BE230 v1.2 (web modules). The issue allows an adjacent authenticated attacker to execute arbitrary code and potentially gain full administrative control on Archer BE230 v1.2, impacting configuration integrity, network security, and servi...
EUVD-2026-5098
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-0631 Command Injection Vulnerability on TP-Link Archer BE230 v1.2
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-0631
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2vpn modules allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
EUVD-2026-5099
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration...
CVE-2026-0630 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2web modules and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise o...