CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4671 matches found

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.5AI score0.00865EPSS

Exploits0References2

Nuclei•added 17 hours ago•123 views

TP-Link Archer C20 - Authentication Bypass

A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass authentication on interfaces under the /cgi directory. When adding a Referer header with value "http://tplinkwifi.net" to requests, the router will recognize th...

9.8CVSS7.5AI score0.03211EPSS

Exploits1References3

Nuclei•added 2 days ago•25 views

TP-Link TL-WR840N - Command Injection

The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...

9.8CVSS8AI score0.72495EPSS

Exploits1References5

Nuclei•added 2 days ago•37 views

TP-Link - OS Command Injection

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...

10CVSS9.4AI score0.7747EPSS

Exploits1References5

Cvelist•added 4 days ago•24 views

CVE-2026-11409 OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS

Exploits0References3

Cvelist•added 4 days ago•18 views

CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

An authenticated OS command injection vulnerability exists in the BigPond Cable BPA WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges...

8.5CVSS0.02787EPSS

Exploits0References3

CVE•added 4 days ago•8 views

CVE-2026-11410

The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...

8.5CVSS5.8AI score0.02787EPSS

Exploits0References3Affected Software1

Nuclei•added 4 days ago•45 views

TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection

TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...

8.8CVSS8.6AI score0.99999EPSS

Exploits7References3

Nuclei•added 4 days ago•57 views

TP-LINK - Local File Inclusion

TP-LINK is susceptible to local file inclusion in these products: Archer C5 1.2 with firmware before 150317, Archer C7 2.0 with firmware before 150304, and C8 1.0 with firmware before 150316, Archer C9 1.0, TL-WDR3500 1.0, TL-WDR3600 1.0, and TL-WDR4300 1.0 with firmware before 150302, TL-WR740N...

7.8CVSS7.8AI score0.83772EPSS

Exploits5References5

Cvelist•added 2026/06/11 8:46 p.m.•23 views

CVE-2026-6250 Authenticated Format String Injection on TP-Link Tapo C110

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return...

7CVSS0.00463EPSS

Exploits0References4

GithubExploit•added 2026/06/11 6:5 p.m.•49 views

Exploit for Command Injection in Tp-Link Tapo_C200_Firmware

🔍 CVE-2021-4045: Vulnerabilidad de Inyección de Comandos en...

10CVSS8AI score0.73029EPSS

Exploits10

Vulnrichment•added 2026/06/10 5:10 p.m.•6 views

CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS5.9AI score0.01047EPSS

Exploits0References5

CVE•added 2026/06/10 5:10 p.m.•9 views

CVE-2026-9151

The CVE-2026-9151 entry describes a command-injection in the VPN module of TP-Link Archer routers (AX12 v1, AX17 v1, AX18 v1, AX1300 v1.6). The root cause is improper filtering of special characters, enabling an adjacent, authenticated attacker to inject commands by importing a specially crafted ...

8.5CVSS5.9AI score0.01047EPSS

Exploits0References5

Cvelist•added 2026/06/10 5:10 p.m.•25 views

CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

8.5CVSS0.01047EPSS

Exploits0References5

EUVD•added 2026/06/10 5:10 p.m.•7 views

EUVD-2026-36078

8.5CVSS5.9AI score0.01047EPSS

Exploits0References5

CNNVD•added 2026/06/10 12:0 a.m.•6 views

TP-LINK Archer 操作系统命令注入漏洞

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. The TP-LINK Archer has a vulnerability related to operating system command injection, which stems from improper filtering of special characters in the VPN module. This vulnerability may allow adjacent, authenticated attackers ...

8.5CVSS5.9AI score0.01047EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48516

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...

8.5CVSS5.7AI score0.01047EPSS

Exploits0References11

RedhatCVE•added 2026/06/06 6:43 p.m.•11 views

CVE-2026-8714

A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...

7.1CVSS5.5AI score0.00206EPSS

Exploits0References1

GithubExploit•added 2026/06/06 4:37 p.m.•70 views

Exploit for Classic Buffer Overflow in Tp-Link Tl-Wr940N_Firmware

CVE-2024-54887 TypeScript PoC This repository contains a Type...

8CVSS5.4AI score0.06132EPSS

Exploits1

Vulnrichment•added 2026/06/05 11:52 p.m.•6 views

CVE-2026-6242 Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by