CVE-2026-36607

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

CVE-2026-36607

Mercusys AC12G (EU) V1 router, firmware AC12G(EU)_V1_200909, is affected by CVE-2026-36607. The TDDP password change endpoint (code=10) allows unauthenticated brute-force attempts without rate limiting, unlike the login endpoint (code=7). An attacker on an adjacent network can attempt unlimited p...

TP-Link TL-WR841N 安全漏洞

The TP-Link TL-WR841N is a router produced by the TP-Link company. The TP-Link TL-WR841N v13 version has a security vulnerability. This vulnerability stems from the use of DES-CBC encryption in the TDDPv2 debugging protocol, where the key is predictable. This could allow unauthorized attackers to...

CVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and...

CVE-2026-0834

Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 TDDP module allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger...

TP-LINK Archer C20 security vulnerabilities

The TP-LINK Archer C20 is a router produced by the TP-LINK company. Versions of the TP-LINK Archer C20 prior to v6.0 version number: 6251031 and the TP-Link Archer AX53 prior to version 1.0 version number: 1251215 contained security vulnerabilities. These vulnerabilities were due to logical flaws...

VulnCheck KEV: CVE-2020-24363

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker on the same network to submit a TDDPRESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password...

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

SUSE CVE-2017-9466

The executable httpd on the TP-Link WR841N V8 router before TL-WR841NUNV8170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which allowed attackers to gain read-write access to system settings through the protected router configuratio...

Vulnerability in some TP-Link routers could lead to factory reset

Cisco Talos Vulnerability Research team has disclosed 10 vulnerabilities over the past three weeks, including four in a line of TP-Link routers, one of which could allow an attacker to reset the devices settings back to the factory default. A popular open-source software for internet-of-things Io...

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

CVE-2023-49074

CVE-2023-49074 affects TP-Link AC1350 Omada Giga APs (EAP225 V3) running v5.1.0 Build 20220926. A TDDP-based vulnerability (V2 ENC_CMD_OPT subtype 0x49) allows an unauthenticated attacker to reset device settings to factory defaults by sending a crafted network request; a related TDDP_SPECIAL_CMD...

Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1861 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 TDDP denial of service vulnerability April 9, 2024 CVE Number CVE-2023-49074 SUMMARY A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO...

PT-2023-9012 · Tp Link · Tp-Link Ac1350 Wireless Mu-Mimo Gigabit Access Point +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link N300 affected versions not specified Description: A denial of service issue exists in the TDDP functionality, related to the use of dangerous...

CVE-2021-42232

TP-Link Archer A7 Archer A7USV5210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router...

TP-Link TL-WA855RE Elevation of Privilege Vulnerability

The TP-Link TL-WA855RE is a 300Mbps Wi-Fi range extender. An elevation of privilege vulnerability exists in the TP-Link TL-WA855RE V5 version 20200415-rel37464. An attacker can perform a factory reset and reboot via a TDDPRESET POST request, which can be exploited to set a new administrative...

CVE-2020-24363

TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker on the same network to submit a TDDPRESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password...

TP-Link SR20 router 0 day vulnerability-a vulnerability warning-the black bar safety net

Google security developer Matthew Garrett found the TP-Link SR20 smart home router There 0 day arbitrary code execution vulnerability in the same network an attacker can exploit the vulnerability to root access to execute arbitrary commands. Garrett said public vulnerability is due from him to th...