Lucene search
K

4919 matches found

GithubExploit
GithubExploit
added 2026/06/11 6:5 p.m.72 views

Exploit for Command Injection in Tp-Link Tapo_C200_Firmware

🔍 CVE-2021-4045: Vulnerabilidad de Inyección de Comandos en...

10CVSS8AI score0.72185EPSS
Exploits10
Vulnrichment
Vulnrichment
added 2026/06/10 5:10 p.m.8 views

CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/10 5:10 p.m.30 views

CVE-2026-9151 Command Injection Vulnerability in OpenVPN on Multiple TP-Link Archer Routers

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS0.01069EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 5:10 p.m.13 views

EUVD-2026-36078

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References5
CVE
CVE
added 2026/06/10 5:10 p.m.21 views

CVE-2026-9151

The CVE-2026-9151 entry describes a command-injection in the VPN module of TP-Link Archer routers (AX12 v1, AX17 v1, AX18 v1, AX1300 v1.6). The root cause is improper filtering of special characters, enabling an adjacent, authenticated attacker to inject commands by importing a specially crafted ...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

TP-LINK Archer 操作系统命令注入漏洞

TP-LINK Archer is a series of routers produced by TP-LINK Corporation. The TP-LINK Archer has a vulnerability related to operating system command injection, which stems from improper filtering of special characters in the VPN module. This vulnerability may allow adjacent, authenticated attackers ...

8.5CVSS5.9AI score0.01069EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48516

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...

8.5CVSS5.7AI score0.01069EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.16 views

CVE-2026-8714

A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...

7.1CVSS5.5AI score0.00206EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/06 4:37 p.m.89 views

Exploit for Classic Buffer Overflow in Tp-Link Tl-Wr940N_Firmware

CVE-2024-54887 TypeScript PoC This repository contains a Type...

8CVSS5.4AI score0.05367EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/06/05 11:52 p.m.8 views

CVE-2026-6242 Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 11:52 p.m.9 views

CVE-2026-6241 Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 11:52 p.m.36 views

CVE-2026-6241

An authenticated format-string vulnerability affects TP-Link Tapo C520WS v2 (ONVIF AddScopes). User-controlled input is passed to formatting functions without proper sanitization, enabling injection of format specifiers that can manipulate memory handling. Exploitation may cause the ONVIF managem...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 11:51 p.m.9 views

CVE-2026-6240 Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

6.8CVSS5.9AI score0.0018EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 11:51 p.m.46 views

CVE-2026-6240 Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

6.8CVSS0.0018EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/05 11:50 p.m.40 views

CVE-2026-6239 Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive...

6.8CVSS0.0018EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 11:50 p.m.11 views

CVE-2026-6239 Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive...

6.8CVSS5.5AI score0.0018EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/05 11:50 p.m.9 views

CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.4AI score0.00151EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34127

A stored cross-site scripting XSS vulnerability has been identified in the web management interface of TP-Link's TL-SG108PE v5 switch due to improper sanitation of the SYSNAM configuration parameter during configuration file import. An attacker with administrator access can inject malicious scrip...

5.3CVSS5.1AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-1871

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

7.1CVSS5.9AI score0.00305EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-37535

openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac 2021-08-09 contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious...

7.1CVSS5.5AI score0.00205EPSS
Exploits0References1
Rows per page
Query Builder