Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".
Max CVSS
8.8
EPSS Score
0.09%
Published
2024-01-11
Updated
2024-01-18
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115".
Max CVSS
8.0
EPSS Score
0.05%
Published
2024-01-11
Updated
2024-01-18
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-01-11
Updated
2024-01-18
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-10-25
Updated
2023-10-26
TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.
Max CVSS
9.8
EPSS Score
0.05%
Published
2023-10-25
Updated
2023-11-01
TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.
Max CVSS
9.8
EPSS Score
0.05%
Published
2023-10-25
Updated
2023-11-01
TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-03-06
Updated
2024-03-12
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point.
Max CVSS
8.8
EPSS Score
0.22%
Published
2023-09-20
Updated
2023-09-22
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points.
Max CVSS
8.8
EPSS Score
0.22%
Published
2023-09-20
Updated
2023-09-22
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
Max CVSS
9.8
EPSS Score
0.23%
Published
2023-09-20
Updated
2023-09-22
Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
Max CVSS
8.0
EPSS Score
0.04%
Published
2023-09-06
Updated
2023-09-11
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'.
Max CVSS
8.0
EPSS Score
0.05%
Published
2023-09-06
Updated
2023-09-11
Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
Max CVSS
8.0
EPSS Score
0.04%
Published
2023-09-06
Updated
2023-09-11
201 vulnerabilities found
1 2 3 4 5 6 7 8 9
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!