cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-57050,https://securityvulnerability.io/vulnerability/CVE-2024-57050,Authentication Bypass in TP-Link WR840N v6 Router,"A vulnerability in the TP-Link WR840N v6 router enables unauthorized individuals to bypass authentication mechanisms on certain interfaces located under the /cgi directory. By sending a specially crafted request that includes a Referer header set to http://tplinkwifi.net, attackers can gain access to restricted functionalities without proper validation, posing significant risks to the security of the network. Users should be aware of this risk and take appropriate measures to secure their devices.",TP-Link,WR840N v6 Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-18T00:00:00.000Z,0
CVE-2024-57049,https://securityvulnerability.io/vulnerability/CVE-2024-57049,Authentication Bypass Vulnerability in TP-Link Archer C20 Router,"A vulnerability in the TP-Link Archer C20 router allows unauthorized users to bypass the authentication mechanism for certain interfaces under the /cgi directory. When a specific HTTP Referer header is set to http://tplinkwifi.net, the request is erroneously treated as authenticated, enabling potential unauthorized access to sensitive router settings. This flaw poses a significant risk, particularly for users who may not be aware of the exposed interfaces and their implications.",TP-Link,Archer C20 Router,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-18T00:00:00.000Z,0
CVE-2025-25901,https://securityvulnerability.io/vulnerability/CVE-2025-25901,Buffer Overflow Vulnerability in TP-Link Router,"A buffer overflow vulnerability has been identified in the TP-Link TL-WR841ND V11. This issue arises from improper handling of the dnsserver1 and dnsserver2 parameters within the /userRpm/WanSlaacCfgRpm.htm interface. An attacker can exploit this weakness by sending specifically crafted packets that may lead to a Denial of Service (DoS), rendering the device unresponsive and affecting network availability.",TP-Link,TL-WR841ND,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-13T00:00:00.000Z,0
CVE-2025-25899,https://securityvulnerability.io/vulnerability/CVE-2025-25899,Buffer Overflow Vulnerability in TP-Link Router,"A buffer overflow vulnerability has been identified in the TP-Link TL-WR841ND V11 router, specifically concerning the 'gw' parameter in the /userRpm/WanDynamicIpV6CfgRpm.htm interface. This weakness can be exploited by attackers to send specially crafted packets, resulting in a Denial of Service (DoS). Users of affected devices should take steps to secure their configurations in light of this vulnerability.",TP-Link,TL-WR841ND V11,3.5,LOW,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T00:00:00.000Z,0
CVE-2025-25898,https://securityvulnerability.io/vulnerability/CVE-2025-25898,Buffer Overflow Vulnerability in TP-Link TL-WR841ND V11 Router,"A buffer overflow vulnerability has been identified in the TP-Link TL-WR841ND V11 router, specifically related to the pskSecret parameter in the /userRpm/WlanSecurityRpm.htm interface. This flaw can be exploited by attackers to send specially crafted packets, leading to a Denial of Service (DoS) condition. This vulnerability emphasizes the need for robust security measures in network devices to prevent unauthorized access and service disruption.",TP-Link,TL-WR841ND V11,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-13T00:00:00.000Z,0
CVE-2025-25900,https://securityvulnerability.io/vulnerability/CVE-2025-25900,Buffer Overflow Vulnerability in TP-Link TL-WR841ND V11,"A buffer overflow vulnerability has been identified in the TP-Link TL-WR841ND V11 router. This flaw exists in the handling of username and password parameters within the /userRpm/PPPoEv6CfgRpm.htm endpoint. Attackers can exploit this vulnerability by sending specially crafted packets, potentially leading to a Denial of Service (DoS) condition, disrupting network services and affecting device performance.",TP-Link,TL-WR841ND V11,4.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-13T00:00:00.000Z,0
CVE-2025-25897,https://securityvulnerability.io/vulnerability/CVE-2025-25897,Buffer Overflow Vulnerability in TP-Link TL-WR841ND V11,"A buffer overflow vulnerability in the TP-Link TL-WR841ND V11 has been identified, specifically affecting the handling of input via the 'ip' parameter at /userRpm/WanStaticIpV6CfgRpm.htm. An attacker can exploit this flaw by sending specially crafted packets, resulting in a Denial of Service (DoS) condition, which may disrupt normal functionality and accessibility of the device.",TP-Link,TL-WR841ND V11,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-02-13T00:00:00.000Z,0
CVE-2025-1099,https://securityvulnerability.io/vulnerability/CVE-2025-1099,Hard-coded RSA Key Vulnerability in TP-Link Tapo C500 Cameras,"The TP-Link Tapo C500 Wi-Fi security cameras, namely versions V1 and V2, are vulnerable due to a hard-coded RSA private key embedded in their firmware. This flaw allows an attacker with physical access to the device to extract these cryptographic keys. Once compromised, these keys can facilitate impersonation attacks, enable data decryption, and allow for man-in-the-middle attacks against the vulnerable device, posing significant risks to the integrity and security of surveillance operations.",Tp-link,"Tapo C500 V1 Wi-fi Camera,Tapo C500 V2 Wi-fi Camera",7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-10T10:44:26.274Z,0
CVE-2024-57514,https://securityvulnerability.io/vulnerability/CVE-2024-57514,Cross-site Scripting Vulnerability in TP-Link Archer A20 Router,"The TP-Link Archer A20 v3 router has a vulnerability that allows for Cross-site Scripting (XSS) attacks through improper handling of directory listing paths in its web interface. When users visit a specially crafted URL, it triggers the rendering of the directory listing and executes arbitrary JavaScript found within the URL. This enables attackers to inject malicious code into the router's web page, allowing the execution of harmful scripts in the victim's browser, which may facilitate additional malicious actions.",TP-Link,Archer A20 Router,4.8,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,false,,2025-01-28T00:00:00.000Z,139
CVE-2025-0730,https://securityvulnerability.io/vulnerability/CVE-2025-0730,Vulnerability in HTTP GET Request Handler of TP-Link TL-SG108E Switch,"A vulnerability has been discovered in the TP-Link TL-SG108E affecting its HTTP GET Request Handler. An unspecified function within /usr_account_set.cgi allows an attacker to exploit the username and password parameters, leading to the exposure of sensitive query strings through the GET request method. This vulnerability can be exploited remotely, making it a significant security concern. While the complexity of this attack is relatively high, the potential for misuse exists as the exploit details have been publicly disclosed. Users are advised to upgrade to the newer version 1.0.0 Build 20250124 Rel. 54920(Beta) to mitigate the risks associated with this vulnerability.",Tp-link,Tl-sg108e,6.3,MEDIUM,0.0005799999926239252,false,,false,false,true,2025-01-27T17:00:13.000Z,true,false,false,,2025-01-27T17:00:13.810Z,0
CVE-2025-0729,https://securityvulnerability.io/vulnerability/CVE-2025-0729,Clickjacking Vulnerability in TP-Link TL-SG108E Network Switch,"A vulnerability exists in the TP-Link TL-SG108E switch that allows attackers to exploit clickjacking techniques. This remote attack can manipulate users into unknowingly interacting with elements of the web interface. Users are strongly advised to upgrade to version 1.0.0 Build 20250124 Rel. 54920(Beta) to mitigate this issue, as the vendor has proactively provided a pre-fix for affected customers.",Tp-link,Tl-sg108e,6.9,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,false,,2025-01-27T17:00:11.408Z,0
CVE-2024-54887,https://securityvulnerability.io/vulnerability/CVE-2024-54887,Buffer Overflow in TP-Link Routers Allowing Code Execution,"The TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier are susceptible to a buffer overflow vulnerability through the dnsserver1 and dnsserver2 parameters located at /userRpm/Wan6to4TunnelCfgRpm.htm. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the device, gaining potentially unauthorized access and control in the context of the root user. This issue emphasizes the need for timely firmware updates and robust security practices for device management.",TP-Link,,8,HIGH,0.0004299999854993075,false,,true,false,true,2025-01-21T17:08:44.000Z,false,false,false,,2025-01-09T20:15:00.000Z,1109
CVE-2024-46341,https://securityvulnerability.io/vulnerability/CVE-2024-46341,Exposed Credential Transmission in TP-Link Router,"The TP-Link TL-WR845N(UN)_V4_190219 is susceptible to a security vulnerability wherein it transmits user credentials in base64 encoded format. This encoding method provides inadequate protection, allowing attackers to easily decode the credentials during a man-in-the-middle attack. Successful exploitation could enable unauthorized access to sensitive information and potentially compromise the affected network.",TP-Link,TL-WR845N(UN),,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T20:15:00.000Z,0
CVE-2024-46340,https://securityvulnerability.io/vulnerability/CVE-2024-46340,Plaintext Credential Transmission in TP-Link Routers,"The TP-Link TL-WR845N routers experience a significant security issue where user credentials are transmitted unencrypted in plaintext following a factory reset. This vulnerability exposes sensitive information that can be intercepted by malicious actors, compromising user account security and overall network integrity. Users of the affected TL-WR845N variants should take immediate precautions and consider updating their devices to mitigate the risks associated with this vulnerability.",TP-Link,TL-WR845N,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T20:15:00.000Z,0
CVE-2024-50699,https://securityvulnerability.io/vulnerability/CVE-2024-50699,Weak Default Administrator Credentials in TP-Link Router Models,"Multiple models of the TP-Link TL-WR845N router have been discovered to implement weak default credentials for the Administrator account. These weak credentials pose a significant security risk, allowing unauthorized access to sensitive configurations and features of the device. Users are strongly encouraged to change the default credentials immediately upon installation to protect their network from potential attacks.",TP-Link,TL-WR845N Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-10T19:15:00.000Z,0
CVE-2024-12344,https://securityvulnerability.io/vulnerability/CVE-2024-12344,Memory Corruption Vulnerability in TP-Link VN020 F3v(T) Product,"CVE-2024-12344 represents a severe vulnerability identified in TP-Link's VN020 F3v(T) product line, specifically in firmware version TT_V6.2.1021. The vulnerability is triggered through the FTP USER Command Handler component, leading to potential memory corruption. This flaw can be exploited remotely, allowing attackers to manipulate the system without physical access. Given the public disclosure of the exploit, it is critical for users and administrators to apply necessary security updates and implement protective measures to mitigate risks.",Tp-link,Vn020 F3v(t),9.8,CRITICAL,0.0030799999367445707,false,,false,false,true,2024-12-08T23:15:00.000Z,true,false,false,,2024-12-08T23:15:00.000Z,0
CVE-2024-12343,https://securityvulnerability.io/vulnerability/CVE-2024-12343,Buffer Overflow Vulnerability in TP-Link VN020 F3v(T) SOAP Request Handler,"CVE-2024-12343 identifies a critical buffer overflow vulnerability in the TP-Link VN020 F3v(T) TT_V6.2.1021 associated with the SOAP Request Handler's /control/WANIPConnection endpoint. This vulnerability can be exploited by manipulating the NewConnectionType argument, potentially allowing attackers within the local network to execute arbitrary code or cause a denial of service (DoS). As the exploit has been disclosed publicly, it emphasizes the urgency for users and network administrators to apply necessary patches and mitigate risks associated with this critical vulnerability.",Tp-link,Vn020 F3v(t),8.8,HIGH,0.0007900000200606883,false,,false,false,true,2024-12-08T09:31:05.000Z,true,false,false,,2024-12-08T09:31:05.401Z,0
CVE-2024-12342,https://securityvulnerability.io/vulnerability/CVE-2024-12342,Denial of Service Vulnerability in TP-Link VN020 F3v(T) Devices,"A critical vulnerability has been identified in the TP-Link VN020 F3v(T) devices, specifically in the Incomplete SOAP Request Handler of the /control/WANIPConnection file. This vulnerability can lead to a denial of service (DoS) condition, disrupting the normal operation of the affected devices. The issue can only be exploited from within the local network, thus posing a threat primarily to internal users. The details of this vulnerability have been publicly disclosed, and users are advised to take protective measures to mitigate potential exploitation.",Tp-link,Vn020 F3v(t),6.5,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-08T06:31:05.000Z,true,false,false,,2024-12-08T06:31:05.109Z,0
CVE-2024-54127,https://securityvulnerability.io/vulnerability/CVE-2024-54127,Vulnerability in TP-Link Archer C50 Could Allow Access to Wi-Fi Credentials,This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.,Tp-link,Archer C50 Wireless Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T12:19:24.519Z,0
CVE-2024-54126,https://securityvulnerability.io/vulnerability/CVE-2024-54126,Vulnerability in TP-Link Archer C50's Firmware Upgrade Process,This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.,Tp-link,Archer C50 Wireless Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T12:14:41.814Z,0
CVE-2024-53375,https://securityvulnerability.io/vulnerability/CVE-2024-53375,Remote Code Execution Vulnerability in TP-Link Archer Routers,"The vulnerability CVE-2024-53375 affects TP-Link routers, allowing attackers to execute remote code and inject malicious commands, leading to potential exploitation of the devices. The vulnerability affects the HomeShield functionality and can be exploited without the installation or activation of the HomeShield functionality. The flaw resides in the firmware of the routers, allowing attackers to execute arbitrary commands with root privileges, gaining full control over the device. It is important for TP-Link users to update their router firmware as soon as TP-Link releases a patch to mitigate the risk of exploitation.",TP-Link,,,,0.0004299999854993075,false,,true,false,true,2024-12-03T08:48:10.000Z,,false,false,,2024-12-02T00:00:00.000Z,0
CVE-2024-53623,https://securityvulnerability.io/vulnerability/CVE-2024-53623,Incorrect Access Control Exposes Sensitive Information in TP-Link ARCHER-C7 v5,"A vulnerability exists in the l_0_0.xml component of the TP-Link ARCHER-C7 v5 router, which may allow unauthorized access to sensitive information. This flaw in access control mechanisms poses a significant threat to user data security and can be exploited by attackers to gain insights into a network's configuration and personal user data. Proper assessment and mitigation strategies are essential to protect devices from potential exploitation.",TP-Link,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-29T00:00:00.000Z,0
CVE-2024-48288,https://securityvulnerability.io/vulnerability/CVE-2024-48288,TP-Link TL-IPC42C V4.0 vulnerable to command injection due to lack of malicious code verification,TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.,TP-Link,,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-21T18:15:00.000Z,0
CVE-2024-11237,https://securityvulnerability.io/vulnerability/CVE-2024-11237,Stack-based Buffer Overflow in TP-Link VN020 F3v(T) DHCP Component,"A significant security flaw has been identified in the TP-Link VN020 F3v(T) device, specifically within its DHCP DISCOVER packet parser. This vulnerability allows for a stack-based buffer overflow, which could be exploited remotely. Attackers can manipulate the hostname argument, leading to potential unauthorized access and control over affected devices. With the exploit made public, it poses a serious threat to users who have not yet secured their systems. It is vital for organizations using this product to implement necessary security patches and maintain vigilant monitoring to mitigate any risks associated with this vulnerability.",Tp-link,Vn020 F3v(t),9.8,CRITICAL,0.002839999971911311,false,,false,false,true,2024-11-15T12:00:15.000Z,true,false,false,,2024-11-15T12:00:15.886Z,0
CVE-2024-10523,https://securityvulnerability.io/vulnerability/CVE-2024-10523,TP-Link IoT Smart Hub Vulnerability: Wi-Fi Credentials Stored in Plain Text,This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.,Tp-link,Tp-link Tapo H100 Iot Smart Hub,4.6,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-04T12:00:05.802Z,0