Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-39751

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-21 Aug, 2023 | 00:00
Updated At-07 Oct, 2024 | 15:52
Rejected At-
Credits

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:21 Aug, 2023 | 00:00
Updated At:07 Oct, 2024 | 15:52
Rejected At:
▼CVE Numbering Authority (CNA)

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md
N/A
Hyperlink: https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md
x_transferred
Hyperlink: https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
TP-Link Systems Inc.tp-link
Product
tl-wr941nd
CPEs
  • cpe:2.3:h:tp-link:tl-wr941nd:v6:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • v6
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:21 Aug, 2023 | 03:15
Updated At:24 Aug, 2023 | 21:22

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
TP-Link Systems Inc.
tp-link
>>tl-wr941nd_v6_firmware>>-
cpe:2.3:o:tp-link:tl-wr941nd_v6_firmware:-:*:*:*:*:*:*:*
TP-Link Systems Inc.
tp-link
>>tl-wr941nd_v6>>-
cpe:2.3:h:tp-link:tl-wr941nd_v6:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.mdcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2322Records found
CVE-2022-4498
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.78% / 75.40%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 20:38
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerable HTTP Basic Authentication process in TP-Link routers, Archer C5 and WR710N-V1, is susceptible to either a DoS or an arbitrary code execution via any interface.

In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr710narcher_c5tl-wr710n_firmwarearcher_c5_firmwareWR710NArcher C5
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12344
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-1.81% / 75.76%
||
7 Day CHG~0.00%
Published-08 Dec, 2024 | 23:00
Updated-10 Dec, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link VN020 F3v(T) FTP USER Command memory corruption

A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-vn020_f3vvn020_f3v_firmwareVN020 F3v(T)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25074
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.03% / 95.84%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 22:44
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr902actl-wr902ac_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10881
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-11.21% / 95.39%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25073
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.03% / 95.84%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 22:44
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841ntl-wr841n_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-25072
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.03% / 95.84%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 22:44
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-archer_a54archer_a54_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46373
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 55.08%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660tl-wdr7660_firmwaren/atl-wdr7660_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46539
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46522
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.26% / 65.95%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-25 Oct, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46520
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42815
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.81% / 52.07%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 00:00
Updated-09 Jul, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-re365_firmwarere365n/are365
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-1668
Matching Score-10
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-10
Assigner-TP-Link Systems Inc.
CVSS Score-7.7||HIGH
EPSS-0.97% / 57.31%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 16:53
Updated-02 Apr, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Input Validation Vulnerability on Multiple Omada Switches

The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-omada_sg3210x-m2omada_sx3008fomada_sx3016fomada_sg3428x-m2_firmwareomada_sg3210xhp-m2omada_sg3428xmpp_firmwareomada_sg3428xf_firmwareomada_sg3452xmppomada_sg3452_firmwareomada_sx3016f_firmwareomada_sg2218_firmwareomada_sg3218xp-m2omada_sg3210omada_sx3032f_firmwareomada_tl-sg3452pomada_sg3428xfomada_sg3452omada_sg2428p_firmwareomada_sl2428p_firmwareomada_sg2210xmp-m2_firmwareomada_sg3210xhp-m2_firmwareomada_tl-sg3428mpomada_sg2452lpomada_sg3428xmppomada_sg3452p_firmwareomada_sg3452xp_firmwareomada_sg2008pomada_sg3452pomada_sx3008f_firmwareomada_sg3428mp_firmwareomada_sg2210pomada_sg2428lp_firmwareomada_sg2218p_firmwareomada_sx3032fomada_sg3218xp-m2_firmwareomada_sx3832omada_sg2428lpomada_tl-sg2428pomada_sg2008omada_sg2210p_firmwareomada_sg3428mpomada_sg3428_firmwareomada_sg3428omada_sg2218omada_sg3452xmpp_firmwareomada_sg3428xpp-m2_firmwareomada_sg2016pomada_sg3452x_firmwareomada_sx3832mppomada_sg2005p-pdomada_tl-sg2428p_firmwareomada_sg2210mp_firmwareomada_sl2428pomada_sg2218pomada_sg2210mpomada_sg2452lp_firmwareomada_sg3452xpomada_sg3428xmpomada_sg3428xomada_tl-sg3428mp_firmwareomada_sg3210_firmwareomada_sg2008p_firmwareomada_sg2428pomada_sx3832_firmwareomada_sg2210xmp-m2omada_sx3206hppomada_sg2016p_firmwareomada_sg3428xpp-m2omada_sx3206hpp_firmwareomada_sg3428xmp_firmwareomada_sg3428x-m2omada_sg3452xomada_sg2005p-pd_firmwareomada_sx3832mpp_firmwareomada_tl-sg3452p_firmwareomada_sg3428x_firmwareomada_sg3210x-m2_firmwareomada_sg2008_firmwareSG2016P 1.2xSG3428MP 6.2xSX3016F 1.3xSG2428LP 1.xSG2210XMP-M2 1.xSG2218P 2.xSG2218P 1.2xSG2218 1.2xSL2428P 6.2xSG2452LP 1.xSG3428X 1.3xSG2210P 5.2xSG3452 1.3xSX3832MPP 1.xSG3452XP 2.3xSG2218P 2.2xSG3428XMP 3.3xSG3428 2.4xSG3452X 1.3xSG3428XMPP 1.2xSG3210XHP-M2 3.xSG2008 4.2xSG3452XP 2.2xSG3210 3.2xSX3206HPP 1.20SG3218XP-M2 1.xSG2428P 5.2xSG2008P 3.3xSX3016F 1.2xSG3452X 1.2xSG3428XPP-M2 1.2xSG2008 4.3xSG3452P 3.3xSG3428XMPP 1.xSG3452XMPP 1.xSG3428 2.3xSG3210X-M2 1.xTL-SG2428P 4.xSG3428XMP 3.2xSG3428X-M2 1.2xSG2210P 5.3xSG3452 1.2xSG3428X 1.4xSG2008P 3.2xSG2428P 5.3xTL-SG3452P 3.0SG2005P-PD 1.xSG2016P 1.3xTL-SG3428MP 5.xSG3452P 3.4xSX3032F 1.xSG3210 3.3xSG2218 1.3xSG2210MP 4.2xSG2210MP 5.xSG3428XF 1.2xSG3210X-M2 1.2xSG3428XF 1.3xSG2210MP 5.2xSX3008F 1.2xSG3428MP 6.3xSX3832 1.x
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-31710
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 43.38%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 00:00
Updated-21 Oct, 2024 | 13:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-archer_ax21archer_ax21_firmwaren/aarcher_ax21
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46525
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46534
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.17%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46526
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46521
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46536
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46535
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46538
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46537
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46527
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.27% / 66.14%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46523
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.03% / 59.18%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/atl-wr886n_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46371
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.12% / 62.05%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wdr7660tl-wdr7660_firmwaren/atl-wr886n_firmwaretl-wdr7660_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29562
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.93% / 55.90%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 00:00
Updated-03 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wpa7510_firmwaretl-wpa7510n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11237
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-5.20% / 91.40%
||
7 Day CHG+0.18%
Published-15 Nov, 2024 | 12:00
Updated-19 Nov, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-vn020-f3v\(t\)_firmwarevn020-f3v\(t\)VN020 F3v(T)vn020_f3v_firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7851
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-8.7||HIGH
EPSS-0.61% / 44.82%
||
7 Day CHG+0.03%
Published-21 Oct, 2025 | 00:29
Updated-24 Oct, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthorized root access via debug functionality

An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7212pcer7412-m2_firmwarefr205_firmwarefr365_firmwareer8411_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-44625
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.75% / 75.03%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:31
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-34555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.49% / 97.18%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 22:57
Updated-03 Aug, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-r473gtl-r473g_firmwaren/a
CVE-2020-12110
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.40% / 96.17%
||
7 Day CHG~0.00%
Published-04 May, 2020 | 13:49
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-nc200_firmwarenc220nc450_firmwarenc250_firmwarenc260_firmwarenc260nc250nc210nc210_firmwarenc200nc230nc450nc230_firmwarenc220_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-25061
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-72.50% / 99.37%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:39
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr840n_firmwaretl-wr840nn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6542
Matching Score-8
Assigner-TP-Link Systems Inc.
ShareView Details
Matching Score-8
Assigner-TP-Link Systems Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.92% / 55.81%
||
7 Day CHG+0.04%
Published-21 Oct, 2025 | 00:23
Updated-24 Oct, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS command injection in multiple parameters

An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.

Action-Not Available
Vendor-TP-Link Systems Inc.TP-Link Systems Inc.
Product-er7412-m2_firmwareer7212pcfr205_firmwareer8411_firmwarefr365_firmwareer7412-m2er706w_firmwareg36_firmwareer7212pc_firmwarefr307-m2er706wer8411er706w-4ger605_firmwarefr365er707-m2er7206fr205er706w-4g_firmwarefr307-m2_firmwareer7206_firmwareg611er605g611_firmwareg36er707-m2_firmwareOmada Pro gatewaysFesta gatewaysOmada gateways
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10886
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-5.50% / 91.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tmpServer service, which listens on TCP port 20002. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9662.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10887
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-4.11% / 89.45%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9663.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2022-25060
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-52.43% / 98.82%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:38
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr840n_firmwaretl-wr840nn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-25064
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-39.78% / 98.44%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 19:38
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr840n_firmwaretl-wr840nn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-49134
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-1.75% / 74.94%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 14:12
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.This vulnerability impacts `uclited` on the EAP115(V4) 5.0.4 Build 20220216 of the N300 Wireless Gigabit Access Point.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-eap115_firmwareeap225eap225_firmwareeap115AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3)N300 Wireless Access Point (EAP115)ac1350_firmwaren300_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2020-10885
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-7.22% / 93.51%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 19:15
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of DNS reponses prior to further processing. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the root user. Was ZDI-CAN-9661.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-ac1750ac1750_firmwareArcher A7
CWE ID-CWE-20
Improper Input Validation
CVE-2022-22922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 66.81%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 00:55
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wa850retl-wa850re_firmwaren/a
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2022-0162
Matching Score-8
Assigner-Indian Computer Emergency Response Team (CERT-In)
ShareView Details
Matching Score-8
Assigner-Indian Computer Emergency Response Team (CERT-In)
CVSS Score-8.4||HIGH
EPSS-0.66% / 46.76%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:05
Updated-16 Sep, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability in TP-LinK TL-WR841N wireless router

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-tl-wr841ntl-wr841n_firmwareTL-WR841N
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2021-44629
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:50
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44631
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:55
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:44
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-13653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.10% / 79.28%
||
7 Day CHG~0.00%
Published-24 Oct, 2019 | 14:58
Updated-04 Aug, 2024 | 23:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n allow triggerPort OS Command Injection (issue 5 of 5).

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-m7350_firmwarem7350n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-44630
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:52
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44623
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.75% / 75.03%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:18
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44622
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 20:47
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44626
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 82.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:37
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44632
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.41% / 81.99%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:58
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-42232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.17% / 86.39%
||
7 Day CHG-0.02%
Published-23 Aug, 2022 | 00:41
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-archer_a7archer_a7_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 46
  • 47
  • Next
Details not found