CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25897
https://notcve.org/view.php?id=CVE-2025-25897
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_3.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25898
https://notcve.org/view.php?id=CVE-2025-25898
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_1.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25901
https://notcve.org/view.php?id=CVE-2025-25901
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. Se ha descubierto una vulnerabilidad de desbordamiento de buffer en TP-Link TL-WR841ND V11, causada por los parámetros dnsserver1 y dnsserver2 en /userRpm/WanSlaacCfgRpm.htm. Esta vulnerabilidad permite a los atacantes ocasionar una denegación de servicio (Do... • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_5.pdf • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-53375 – TP-Link Archer Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-53375
02 Dec 2024 — Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality. Las vulnerabilidades de ejecución remota de código (RCE) autenticada afectan a los enrutadores de las series Archer, Deco y Tapo de TP-Link. Existe una vulnerabilidad en la función... • https://packetstorm.news/files/id/183288 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53623
https://notcve.org/view.php?id=CVE-2024-53623
29 Nov 2024 — Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. • https://github.com/Crane-c/CVE_Request/blob/main/TP-Link/C7v5/TPLink_ARCHERC7v5_unauthorized_access_vulnerability_first.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11237 – TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow
https://notcve.org/view.php?id=CVE-2024-11237
15 Nov 2024 — A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Zephkek/TP-Thumper • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22733
https://notcve.org/view.php?id=CVE-2024-22733
01 Nov 2024 — TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker. • https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48712
https://notcve.org/view.php?id=CVE-2024-48712
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the rtRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/3/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48714
https://notcve.org/view.php?id=CVE-2024-48714
15 Oct 2024 — In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/tree/main/TPlink/TL-WDR7660/2 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48710
https://notcve.org/view.php?id=CVE-2024-48710
15 Oct 2024 — In TP-Link TL-WDR7660 1.0, the wlanTimerRuleJsonToBin function handles the parameter string name without checking it, which can lead to stack overflow vulnerabilities. • https://github.com/sezangel/IOT-vul/blob/main/TPlink/TL-WDR7660/1/readme.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •