Filtered by vendor Tp-link
Total: 493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1457 | 1 Tp-link | 1 Vigi C385 | 2026-02-04 | N/A |
| An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges. | ||||
| CVE-2025-62673 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-59487 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-62405 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-62501 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-61944 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-58455 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-62404 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-61983 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-58077 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-59482 | 1 Tp-link | 1 Archer Ax53 | 2026-02-04 | N/A |
| Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. | ||||
| CVE-2025-15545 | 1 Tp-link | 1 Archer Re605x | 2026-01-31 | N/A |
| The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability. | ||||
| CVE-2025-9014 | 1 Tp-link | 3 Tl-wr841n, Tl-wr841n Firmware, Wr841n | 2026-01-30 | 7.5 High |
| A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service. This issue affects TL-WR841N v14: before 250908. | ||||
| CVE-2026-1315 | 1 Tp-link | 3 Tapo, Tapo C220 V1, Tapo C520ws V2 | 2026-01-29 | N/A |
| By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation. | ||||
| CVE-2026-0919 | 1 Tp-link | 3 Tapo, Tapo C220 V1, Tapo C520ws V2 | 2026-01-29 | N/A |
| The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service. | ||||
| CVE-2026-0918 | 1 Tp-link | 3 Tapo, Tapo C220 V1, Tapo C520ws V2 | 2026-01-29 | N/A |
| The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable. | ||||
| CVE-2025-14738 | 1 Tp-link | 2 Tl-wa850re, Tl-wa850re Firmware | 2026-01-29 | 7.5 High |
| Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922. | ||||
| CVE-2025-9521 | 1 Tp-link | 1 Omada Controller | 2026-01-27 | N/A |
| Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security. | ||||
| CVE-2025-9522 | 1 Tp-link | 1 Omada Controller | 2026-01-27 | N/A |
| Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. | ||||
| CVE-2025-14756 | 1 Tp-link | 1 Archer Mr600 | 2026-01-27 | N/A |
| Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser developer console, possibly leading to service disruption or full compromise. | ||||