451 matches found
TP-Link Archer A20 v3 Router - Cross-site Scripting
The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...
TP-Link Archer C20 - Authentication Bypass
A vulnerability in the TP-Link Archer C20 router with firmware version V6.6230412 and earlier permits unauthorized individuals to bypass authentication on interfaces under the /cgi directory. When adding a Referer header with value "http://tplinkwifi.net" to requests, the router will recognize th...
TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection
TP-Link Archer AX21 AX1800 routers are vulnerable to unauthenticated OS command injection via the country parameter in the locale endpoint. This allows remote attackers to execute arbitrary commands as root. id: CVE-2023-1389 info: name: TP-Link Archer AX21 AX1800 - Unauthenticated Command...
CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...
CVE-2026-9151
The CVE-2026-9151 entry describes a command-injection in the VPN module of TP-Link Archer routers (AX12 v1, AX17 v1, AX18 v1, AX1300 v1.6). The root cause is improper filtering of special characters, enabling an adjacent, authenticated attacker to inject commands by importing a specially crafted ...
CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...
EUVD-2026-36078
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...
TP-LINK Archer 操作系统命令注入漏洞
TP-LINK Archer is a series of routers produced by TP-LINK Corporation. The TP-LINK Archer has a vulnerability related to operating system command injection, which stems from improper filtering of special characters in the VPN module. This vulnerability may allow adjacent, authenticated attackers ...
TP-Link Archer BE450 and BE7200 vulnerable to OS command injection
Overview Archer BE450 and BE7200 provided by TP-Link contain the following vulnerability. OS command injection CWE-78 - CVE-2026-5509 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be executed...
TP-Link Archer C64 安全漏洞
The TP-Link Archer C64 is a wireless router produced by TP-Link Corporation. The TP-Link Archer C64 V1 version has a security vulnerability. This vulnerability stems from improper execution of the authentication rate limit during the debugging of the SSH service. As a result, attackers in adjacen...
CVE-2026-5509 Arbitrary Command Injection via Browser Developer Console in TP-Link Archer BE450 and BE7200
An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router that allows an administrator to execute arbitrary system commands through the web management interface. After successfully authenticating to the admin interface, an attacker can leverage the...
CVE-2026-30815
An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modificatio...
Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2025-2302 Tp-Link AX53 v1.0 tmpServer opcode 0x436 stack-based buffer overflow vulnerability May 7, 2026 CVE Number CVE-2026-30814 SUMMARY A stack-based buffer overflow vulnerability exists in the tmpServer opcode 0x436 functionality of Tp-Link AX53 v1.0 1.3.1 Bui...
Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability
Talos Vulnerability Report TALOS-2025-2305 Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability May 7, 2026 CVE Number CVE-2026-30817 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore routeup functionality of Tp-Link...
Tp-Link Archer AX53 v1.0 configuration restore crt.sed vulnerability
Talos Vulnerability Report TALOS-2025-2304 Tp-Link Archer AX53 v1.0 configuration restore crt.sed vulnerability May 7, 2026 CVE Number CVE-2026-30816 SUMMARY An external config control vulnerability exists in the Openvpn configuration restore crt.sed functionality of Tp-Link Archer AX53 v1.0 1.3....
TP-Link Archer C7 安全漏洞
The TP-Link Archer C7 is a router produced by the TP-Link company. The TP-Link Archer C7 Build 20220715 and earlier versions have security vulnerabilities. These vulnerabilities stem from insufficient encryption strength, which may allow password recovery attacks to occur...
CVE-2026-30818 OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker...
CVE-2026-30818 OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53
An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker...
CVE-2026-30814 Buffer Overflow Vulnerability in TP-Link AX53
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...
CVE-2026-30814
Affects TP-Link Archer AX53 v1.0. The vulnerability is a stack-based buffer overflow in the tmpServer module, allowing an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a crafted configuration file. Exploitation may crash the device and ...