Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

TP Link Systems Inc.

Source -

CNA

BOS Name -

N/A

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
2Vulnerabilities found
CVE-2025-9293
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-7.7||HIGH
EPSS-Not Assigned
Published-13 Feb, 2026 | 00:22
Updated-13 Feb, 2026 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data.

Action-Not Available
Vendor-TP Link Systems Inc.TP-Link Systems Inc.
Product-Tapo AppWiFi ToolkitTether AppFesta AppWi-Fi NaviOmada GuardKasa AppDeco AppKidShieldTP-Partner AppVIGI ApptpCamera AppAginet AppOmada App
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-15551
Assigner-TP-Link Systems Inc.
ShareView Details
Assigner-TP-Link Systems Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 9.63%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 17:22
Updated-12 Feb, 2026 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.

Action-Not Available
Vendor-TP Link Systems Inc.TP-Link Systems Inc.TP-Link Systems Inc.
Product-tl-wr850ntl-wr850n_firmwaretl-wr845n_firmwarearcher_mr200_firmwarearcher_mr200archer_c20_firmwarearcher_c20tl-wr845nArcher C20 v6TL-WR845N v4TL-WR850N v3Archer MR200 v5.2
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')