cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-0730,https://securityvulnerability.io/vulnerability/CVE-2025-0730,Vulnerability in HTTP GET Request Handler of TP-Link TL-SG108E Switch,"A vulnerability has been discovered in the TP-Link TL-SG108E affecting its HTTP GET Request Handler. An unspecified function within /usr_account_set.cgi allows an attacker to exploit the username and password parameters, leading to the exposure of sensitive query strings through the GET request method. This vulnerability can be exploited remotely, making it a significant security concern. While the complexity of this attack is relatively high, the potential for misuse exists as the exploit details have been publicly disclosed. Users are advised to upgrade to the newer version 1.0.0 Build 20250124 Rel. 54920(Beta) to mitigate the risks associated with this vulnerability.",Tp-link,Tl-sg108e,6.3,MEDIUM,0.0005799999926239252,false,,false,false,true,2025-01-27T17:00:13.000Z,true,false,false,,2025-01-27T17:00:13.810Z,0
CVE-2024-54887,https://securityvulnerability.io/vulnerability/CVE-2024-54887,Buffer Overflow in TP-Link Routers Allowing Code Execution,"The TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier are susceptible to a buffer overflow vulnerability through the dnsserver1 and dnsserver2 parameters located at /userRpm/Wan6to4TunnelCfgRpm.htm. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the device, gaining potentially unauthorized access and control in the context of the root user. This issue emphasizes the need for timely firmware updates and robust security practices for device management.",TP-Link,,8,HIGH,0.0004299999854993075,false,,true,false,true,2025-01-21T17:08:44.000Z,false,false,false,,2025-01-09T20:15:00.000Z,1109
CVE-2024-12344,https://securityvulnerability.io/vulnerability/CVE-2024-12344,Memory Corruption Vulnerability in TP-Link VN020 F3v(T) Product,"CVE-2024-12344 represents a severe vulnerability identified in TP-Link's VN020 F3v(T) product line, specifically in firmware version TT_V6.2.1021. The vulnerability is triggered through the FTP USER Command Handler component, leading to potential memory corruption. This flaw can be exploited remotely, allowing attackers to manipulate the system without physical access. Given the public disclosure of the exploit, it is critical for users and administrators to apply necessary security updates and implement protective measures to mitigate risks.",Tp-link,Vn020 F3v(t),9.8,CRITICAL,0.0030799999367445707,false,,false,false,true,2024-12-08T23:15:00.000Z,true,false,false,,2024-12-08T23:15:00.000Z,0
CVE-2024-12343,https://securityvulnerability.io/vulnerability/CVE-2024-12343,Buffer Overflow Vulnerability in TP-Link VN020 F3v(T) SOAP Request Handler,"CVE-2024-12343 identifies a critical buffer overflow vulnerability in the TP-Link VN020 F3v(T) TT_V6.2.1021 associated with the SOAP Request Handler's /control/WANIPConnection endpoint. This vulnerability can be exploited by manipulating the NewConnectionType argument, potentially allowing attackers within the local network to execute arbitrary code or cause a denial of service (DoS). As the exploit has been disclosed publicly, it emphasizes the urgency for users and network administrators to apply necessary patches and mitigate risks associated with this critical vulnerability.",Tp-link,Vn020 F3v(t),8.8,HIGH,0.0007900000200606883,false,,false,false,true,2024-12-08T09:31:05.000Z,true,false,false,,2024-12-08T09:31:05.401Z,0
CVE-2024-12342,https://securityvulnerability.io/vulnerability/CVE-2024-12342,Denial of Service Vulnerability in TP-Link VN020 F3v(T) Devices,"A critical vulnerability has been identified in the TP-Link VN020 F3v(T) devices, specifically in the Incomplete SOAP Request Handler of the /control/WANIPConnection file. This vulnerability can lead to a denial of service (DoS) condition, disrupting the normal operation of the affected devices. The issue can only be exploited from within the local network, thus posing a threat primarily to internal users. The details of this vulnerability have been publicly disclosed, and users are advised to take protective measures to mitigate potential exploitation.",Tp-link,Vn020 F3v(t),6.5,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-08T06:31:05.000Z,true,false,false,,2024-12-08T06:31:05.109Z,0
CVE-2024-53375,https://securityvulnerability.io/vulnerability/CVE-2024-53375,Remote Code Execution Vulnerability in TP-Link Archer Routers,"The vulnerability CVE-2024-53375 affects TP-Link routers, allowing attackers to execute remote code and inject malicious commands, leading to potential exploitation of the devices. The vulnerability affects the HomeShield functionality and can be exploited without the installation or activation of the HomeShield functionality. The flaw resides in the firmware of the routers, allowing attackers to execute arbitrary commands with root privileges, gaining full control over the device. It is important for TP-Link users to update their router firmware as soon as TP-Link releases a patch to mitigate the risk of exploitation.",TP-Link,,,,0.0004299999854993075,false,,true,false,true,2024-12-03T08:48:10.000Z,,false,false,,2024-12-02T00:00:00.000Z,0
CVE-2024-11237,https://securityvulnerability.io/vulnerability/CVE-2024-11237,Stack-based Buffer Overflow in TP-Link VN020 F3v(T) DHCP Component,"A significant security flaw has been identified in the TP-Link VN020 F3v(T) device, specifically within its DHCP DISCOVER packet parser. This vulnerability allows for a stack-based buffer overflow, which could be exploited remotely. Attackers can manipulate the hostname argument, leading to potential unauthorized access and control over affected devices. With the exploit made public, it poses a serious threat to users who have not yet secured their systems. It is vital for organizations using this product to implement necessary security patches and maintain vigilant monitoring to mitigate any risks associated with this vulnerability.",Tp-link,Vn020 F3v(t),9.8,CRITICAL,0.002839999971911311,false,,false,false,true,2024-11-15T12:00:15.000Z,true,false,false,,2024-11-15T12:00:15.886Z,0
CVE-2024-2188,https://securityvulnerability.io/vulnerability/CVE-2024-2188,Unauthenticated XSS Vulnerability in TP-Link Archer AX50 Firmware,"Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.",Tp-link,Archer Ax50,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-09-17T23:33:13.000Z,true,false,false,,2024-03-05T12:15:25.297Z,0