Vulnerabilities (CVE)

Vendor filter

Tp-link Subscribe

Filter

108 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-20372 1 Tp-link 1 Td-w8961nd Firmware 2019-01-11 3.5
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
CVE-2018-5393 1 Tp-link 1 Eap Controller 2019-01-07 10.0
The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. It utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before...
CVE-2018-19537 1 Tp-link 1 Archer C5 Firmware 2018-12-28 9.0
TP-Link Archer C5 devices through V2_160201_US allow remote command execution via shell metacharacters on the wan_dyn_hostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using...
CVE-2018-3949 1 Tp-link 1 Tl-r600vpn Firmware 2018-12-27 5.0
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can...
CVE-2018-3950 1 Tp-link 1 Tl-r600vpn Firmware 2018-12-27 6.5
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in...
CVE-2018-3951 1 Tp-link 1 Tl-r600vpn Firmware 2018-12-27 6.5
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device....
CVE-2018-3948 1 Tp-link 1 Tl-r600vpn Firmware 2018-12-27 5.0
An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management...
CVE-2018-19528 1 Tp-link 1 Tl-wr886n Firmware 2018-12-19 10.0
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
CVE-2018-13134 1 Tp-link 1 Archer C1200 Firmware 2018-12-12 4.3
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.
CVE-2018-15700 1 Tp-link 1 Tl-wrn841n Firmware 2018-11-27 6.1
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.
CVE-2018-15701 1 Tp-link 1 Tl-wrn841n Firmware 2018-11-27 3.3
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.
CVE-2018-15702 1 Tp-link 1 Tl-wrn841n Firmware 2018-11-27 6.8
The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.
CVE-2018-17004 1 Tp-link 1 Tl-wr886n Firmware 2018-10-30 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wlan_access name.
CVE-2018-17012 1 Tp-link 1 Tl-wr886n Firmware 2018-10-30 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info set_block_flag up_limit.
CVE-2018-17013 1 Tp-link 1 Tl-wr886n Firmware 2018-10-30 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for protocol wan wan_rate.
CVE-2018-17014 1 Tp-link 1 Tl-wr886n Firmware 2018-10-30 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ip_mac_bind name.
CVE-2018-17016 1 Tp-link 1 Tl-wr886n Firmware 2018-10-29 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for reboot_timer name.
CVE-2018-17015 1 Tp-link 1 Tl-wr886n Firmware 2018-10-29 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username.
CVE-2018-17017 1 Tp-link 1 Tl-wr886n Firmware 2018-10-29 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for dhcpd udhcpd enable.
CVE-2018-17018 1 Tp-link 1 Tl-wr886n Firmware 2018-10-29 4.0
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for time_switch name.