Vulnerabilities (CVE)

Vendor filter

Tp-link Subscribe

Filter

117 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16119 1 Tp-link 1 Tl-wr1043nd Firmware 2019-06-24 9.0
Stack-based buffer overflow in the httpd server of TP-Link WR1043nd (Firmware Version 3) allows remote attackers to execute arbitrary code via a malicious MediaServer request to /userRpm/MediaServerFoldersCfgRpm.htm.
CVE-2019-6972 1 Tp-link 1 Tl-wr1043nd Firmware 2019-06-20 5.0
An issue was discovered on TP-Link TL-WR1043ND V2 devices. The credentials can be easily decoded and cracked by brute-force, WordList, or Rainbow Table attacks. Specifically, credentials in the "Authorization" cookie are encoded with URL encoding...
CVE-2019-6971 1 Tp-link 1 Tl-wr1043nd Firmware 2019-06-20 10.0
An issue was discovered on TP-Link TL-WR1043ND V2 devices. An attacker can send a cookie in an HTTP authentication packet to the router management web interface, and fully control the router without knowledge of the credentials.
CVE-2019-6989 1 Tp-link 2 Tl-wr940n Firmware, Tl-wr941nd Firmware 2019-06-10 9.0
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer...
CVE-2019-12195 1 Tp-link 1 Tl-wr840n Firmware 2019-05-29 3.5
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name...
CVE-2016-10719 1 Tp-link 1 Archer Cr700 Firmware 2019-05-16 4.3
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
CVE-2018-18489 1 Tp-link 1 Wr840n Firmware 2019-04-17 6.8
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than...
CVE-2017-15615 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.
CVE-2017-15616 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.
CVE-2017-15617 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.
CVE-2017-15618 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.
CVE-2017-15619 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.
CVE-2017-15620 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.
CVE-2017-15629 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.
CVE-2017-15630 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.
CVE-2017-15631 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.
CVE-2017-15632 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.
CVE-2017-15633 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.
CVE-2017-15634 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.
CVE-2017-15635 1 Tp-link 38 Er5110g Firmware, Er5120g Firmware, Er5510g Firmware and 35 more 2019-03-11 9.0
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.