
CVE-2025-6151 – TP-Link TL-WR940N WanSlaacCfgRpm.htm buffer overflow
https://notcve.org/view.php?id=CVE-2025-6151
17 Jun 2025 — A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/WhereisDoujo/CVE/issues/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-4975 – Tapo privilege escalation on shared devices using notifications
https://notcve.org/view.php?id=CVE-2025-4975
22 May 2025 — When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device. • https://play.google.com/store/apps/details?id=com.tplink.iot&hl=en_US • CWE-269: Improper Privilege Management •

CVE-2025-40634 – Stack-based buffer overflow in TP-Link Archer AX50
https://notcve.org/view.php?id=CVE-2025-40634
20 May 2025 — Stack-based buffer overflow vulnerability in the 'conn-indicator' binary running as root on the TP-Link Archer AX50 router, in firmware versions prior to 1.0.15 build 241203 rel61480. This vulnerability allows an attacker to execute arbitrary code on the device over LAN and WAN networks. • https://packetstorm.news/files/id/194813 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-3442 – Information Disclosure Vulnerability in TP-Link Tapo IoT Smart Hub
https://notcve.org/view.php?id=CVE-2025-3442
09 Apr 2025 — This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0072 • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2025-25901
https://notcve.org/view.php?id=CVE-2025-25901
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. Se ha descubierto una vulnerabilidad de desbordamiento de buffer en TP-Link TL-WR841ND V11, causada por los parámetros dnsserver1 y dnsserver2 en /userRpm/WanSlaacCfgRpm.htm. Esta vulnerabilidad permite a los atacantes ocasionar una denegación de servicio (Do... • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_5.pdf • CWE-787: Out-of-bounds Write •

CVE-2025-25897
https://notcve.org/view.php?id=CVE-2025-25897
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_3.pdf • CWE-787: Out-of-bounds Write •

CVE-2025-25898
https://notcve.org/view.php?id=CVE-2025-25898
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_1.pdf • CWE-787: Out-of-bounds Write •

CVE-2025-25899
https://notcve.org/view.php?id=CVE-2025-25899
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_2.pdf • CWE-404: Improper Resource Shutdown or Release •

CVE-2025-25900
https://notcve.org/view.php?id=CVE-2025-25900
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_4.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2025-1099 – Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera
https://notcve.org/view.php?id=CVE-2025-1099
10 Feb 2025 — The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi security cameras designed for comprehensive surveillance. This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device. This vulnerability exists in Tapo C500 Wi-Fi... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017 • CWE-321: Use of Hard-coded Cryptographic Key •