CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25897
https://notcve.org/view.php?id=CVE-2025-25897
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_3.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25898
https://notcve.org/view.php?id=CVE-2025-25898
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_1.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25901
https://notcve.org/view.php?id=CVE-2025-25901
13 Feb 2025 — A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11, triggered by the dnsserver1 and dnsserver2 parameters at /userRpm/WanSlaacCfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. Se ha descubierto una vulnerabilidad de desbordamiento de buffer en TP-Link TL-WR841ND V11, causada por los parámetros dnsserver1 y dnsserver2 en /userRpm/WanSlaacCfgRpm.htm. Esta vulnerabilidad permite a los atacantes ocasionar una denegación de servicio (Do... • https://github.com/2664521593/mycve/blob/main/TP-Link/BOF_in_TP-Link_TL-WR841ND-V11_5.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1099 – Information Disclosure Vulnerability in TP-Link Tapo C500 Wi-Fi Camera
https://notcve.org/view.php?id=CVE-2025-1099
10 Feb 2025 — The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi security cameras designed for comprehensive surveillance. This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device. This vulnerability exists in Tapo C500 Wi-Fi... • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0017 • CWE-321: Use of Hard-coded Cryptographic Key •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0730 – TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query strings
https://notcve.org/view.php?id=CVE-2025-0730
27 Jan 2025 — A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20sensitive%20info%20in%20GET.md • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0729 – TP-Link TL-SG108E clickjacking
https://notcve.org/view.php?id=CVE-2025-0729
27 Jan 2025 — A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/tp-link%20clickjacking.md • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54127 – Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50
https://notcve.org/view.php?id=CVE-2024-54127
05 Dec 2024 — This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54126 – Insufficient Integrity Verification Vulnerability in TP-Link Archer C50
https://notcve.org/view.php?id=CVE-2024-54126
05 Dec 2024 — This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0354 • CWE-347: Improper Verification of Cryptographic Signature CWE-494: Download of Code Without Integrity Check •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-53375 – TP-Link Archer Authenticated OS Command Injection
https://notcve.org/view.php?id=CVE-2024-53375
02 Dec 2024 — Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality. Las vulnerabilidades de ejecución remota de código (RCE) autenticada afectan a los enrutadores de las series Archer, Deco y Tapo de TP-Link. Existe una vulnerabilidad en la función... • https://packetstorm.news/files/id/183288 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53623
https://notcve.org/view.php?id=CVE-2024-53623
29 Nov 2024 — Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. • https://github.com/Crane-c/CVE_Request/blob/main/TP-Link/C7v5/TPLink_ARCHERC7v5_unauthorized_access_vulnerability_first.md • CWE-306: Missing Authentication for Critical Function •