cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-54887,https://securityvulnerability.io/vulnerability/CVE-2024-54887,Buffer Overflow in TP-Link Routers Allowing Code Execution,"The TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier are susceptible to a buffer overflow vulnerability through the dnsserver1 and dnsserver2 parameters located at /userRpm/Wan6to4TunnelCfgRpm.htm. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the device, gaining potentially unauthorized access and control in the context of the root user. This issue emphasizes the need for timely firmware updates and robust security practices for device management.",TP-Link,,8,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-09T20:15:00.000Z,574
CVE-2024-46340,https://securityvulnerability.io/vulnerability/CVE-2024-46340,Plaintext Credential Transmission in TP-Link Routers,"The TP-Link TL-WR845N routers experience a significant security issue where user credentials are transmitted unencrypted in plaintext following a factory reset. This vulnerability exposes sensitive information that can be intercepted by malicious actors, compromising user account security and overall network integrity. Users of the affected TL-WR845N variants should take immediate precautions and consider updating their devices to mitigate the risks associated with this vulnerability.",TP-Link,TL-WR845N,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T20:15:00.000Z,0
CVE-2024-46341,https://securityvulnerability.io/vulnerability/CVE-2024-46341,Exposed Credential Transmission in TP-Link Router,"The TP-Link TL-WR845N(UN)_V4_190219 is susceptible to a security vulnerability wherein it transmits user credentials in base64 encoded format. This encoding method provides inadequate protection, allowing attackers to easily decode the credentials during a man-in-the-middle attack. Successful exploitation could enable unauthorized access to sensitive information and potentially compromise the affected network.",TP-Link,TL-WR845N(UN),,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T20:15:00.000Z,0
CVE-2024-50699,https://securityvulnerability.io/vulnerability/CVE-2024-50699,Weak Default Administrator Credentials in TP-Link Router Models,"Multiple models of the TP-Link TL-WR845N router have been discovered to implement weak default credentials for the Administrator account. These weak credentials pose a significant security risk, allowing unauthorized access to sensitive configurations and features of the device. Users are strongly encouraged to change the default credentials immediately upon installation to protect their network from potential attacks.",TP-Link,TL-WR845N Router,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-10T19:15:00.000Z,0
CVE-2024-12344,https://securityvulnerability.io/vulnerability/CVE-2024-12344,Memory Corruption Vulnerability in TP-Link VN020 F3v(T) Product,"CVE-2024-12344 represents a severe vulnerability identified in TP-Link's VN020 F3v(T) product line, specifically in firmware version TT_V6.2.1021. The vulnerability is triggered through the FTP USER Command Handler component, leading to potential memory corruption. This flaw can be exploited remotely, allowing attackers to manipulate the system without physical access. Given the public disclosure of the exploit, it is critical for users and administrators to apply necessary security updates and implement protective measures to mitigate risks.",Tp-link,Vn020 F3v(t),9.8,CRITICAL,0.0028099999763071537,false,false,false,true,true,false,false,2024-12-08T23:15:00.000Z,0
CVE-2024-12343,https://securityvulnerability.io/vulnerability/CVE-2024-12343,Buffer Overflow Vulnerability in TP-Link VN020 F3v(T) SOAP Request Handler,"CVE-2024-12343 identifies a critical buffer overflow vulnerability in the TP-Link VN020 F3v(T) TT_V6.2.1021 associated with the SOAP Request Handler's /control/WANIPConnection endpoint. This vulnerability can be exploited by manipulating the NewConnectionType argument, potentially allowing attackers within the local network to execute arbitrary code or cause a denial of service (DoS). As the exploit has been disclosed publicly, it emphasizes the urgency for users and network administrators to apply necessary patches and mitigate risks associated with this critical vulnerability.",Tp-link,Vn020 F3v(t),8.8,HIGH,0.0007200000109151006,false,false,false,true,true,false,false,2024-12-08T09:31:05.401Z,0
CVE-2024-12342,https://securityvulnerability.io/vulnerability/CVE-2024-12342,Denial of Service Vulnerability in TP-Link VN020 F3v(T) Devices,"A critical vulnerability has been identified in the TP-Link VN020 F3v(T) devices, specifically in the Incomplete SOAP Request Handler of the /control/WANIPConnection file. This vulnerability can lead to a denial of service (DoS) condition, disrupting the normal operation of the affected devices. The issue can only be exploited from within the local network, thus posing a threat primarily to internal users. The details of this vulnerability have been publicly disclosed, and users are advised to take protective measures to mitigate potential exploitation.",Tp-link,Vn020 F3v(t),6.5,MEDIUM,0.00044999999227002263,false,false,false,true,true,false,false,2024-12-08T06:31:05.109Z,0
CVE-2024-54127,https://securityvulnerability.io/vulnerability/CVE-2024-54127,Vulnerability in TP-Link Archer C50 Could Allow Access to Wi-Fi Credentials,This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system.,Tp-link,Archer C50 Wireless Router,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-05T12:19:24.519Z,0
CVE-2024-54126,https://securityvulnerability.io/vulnerability/CVE-2024-54126,Vulnerability in TP-Link Archer C50's Firmware Upgrade Process,This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device.,Tp-link,Archer C50 Wireless Router,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-05T12:14:41.814Z,0
CVE-2024-53375,https://securityvulnerability.io/vulnerability/CVE-2024-53375,Remote Code Execution Vulnerability in TP-Link Archer Routers,"The vulnerability CVE-2024-53375 affects TP-Link routers, allowing attackers to execute remote code and inject malicious commands, leading to potential exploitation of the devices. The vulnerability affects the HomeShield functionality and can be exploited without the installation or activation of the HomeShield functionality. The flaw resides in the firmware of the routers, allowing attackers to execute arbitrary commands with root privileges, gaining full control over the device. It is important for TP-Link users to update their router firmware as soon as TP-Link releases a patch to mitigate the risk of exploitation.",TP-Link,,,,0.0004299999854993075,false,true,false,true,,false,false,2024-12-02T00:00:00.000Z,0
CVE-2024-53623,https://securityvulnerability.io/vulnerability/CVE-2024-53623,Incorrect Access Control Exposes Sensitive Information in TP-Link ARCHER-C7 v5,"A vulnerability exists in the l_0_0.xml component of the TP-Link ARCHER-C7 v5 router, which may allow unauthorized access to sensitive information. This flaw in access control mechanisms poses a significant threat to user data security and can be exploited by attackers to gain insights into a network's configuration and personal user data. Proper assessment and mitigation strategies are essential to protect devices from potential exploitation.",TP-Link,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-29T00:00:00.000Z,0
CVE-2024-48288,https://securityvulnerability.io/vulnerability/CVE-2024-48288,TP-Link TL-IPC42C V4.0 vulnerable to command injection due to lack of malicious code verification,TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend.,TP-Link,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-11-21T18:15:00.000Z,0
CVE-2024-11237,https://securityvulnerability.io/vulnerability/CVE-2024-11237,Stack-based Buffer Overflow in TP-Link VN020 F3v(T) DHCP Component,"A significant security flaw has been identified in the TP-Link VN020 F3v(T) device, specifically within its DHCP DISCOVER packet parser. This vulnerability allows for a stack-based buffer overflow, which could be exploited remotely. Attackers can manipulate the hostname argument, leading to potential unauthorized access and control over affected devices. With the exploit made public, it poses a serious threat to users who have not yet secured their systems. It is vital for organizations using this product to implement necessary security patches and maintain vigilant monitoring to mitigate any risks associated with this vulnerability.",Tp-link,Vn020 F3v(t),9.8,CRITICAL,0.002839999971911311,false,false,false,true,true,false,false,2024-11-15T12:00:15.886Z,0
CVE-2024-10523,https://securityvulnerability.io/vulnerability/CVE-2024-10523,TP-Link IoT Smart Hub Vulnerability: Wi-Fi Credentials Stored in Plain Text,This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device.,Tp-link,Tp-link Tapo H100 Iot Smart Hub,4.6,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-11-04T12:00:05.802Z,0
CVE-2024-22733,https://securityvulnerability.io/vulnerability/CVE-2024-22733,Null Pointer Dereference Vulnerability in TP Link MR200 V4 Firmware,"The TP Link MR200 V4 Firmware version 210201 contains a vulnerability characterized by a null-pointer-dereference in its web administration panel. This issue is triggered through the sign, Action, or LoginStatus query parameters, which may potentially enable an unauthenticated attacker to cause a denial of service (DoS). This vulnerability poses a risk to the device's availability and could disrupt network services, making it imperative for users of affected firmware versions to apply necessary updates to mitigate potential exploitations.",Tp-link,Mr200 Firmware,7.5,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-11-01T00:00:00.000Z,0
CVE-2024-48710,https://securityvulnerability.io/vulnerability/CVE-2024-48710,Stack Overflow Vulnerability in TP-Link TL-WDR7660 Router,"The TP-Link TL-WDR7660 1.0 router contains a vulnerability in the wlanTimerRuleJsonToBin function that processes parameter strings without appropriate validation. This oversight can allow an attacker to exploit the function, leading to stack overflow conditions. Such vulnerabilities could provide avenues for unauthorized execution of code or denial of service, jeopardizing the security and reliability of the affected network equipment.",TP-Link,TL-WDR7660,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-15T21:15:00.000Z,0
CVE-2024-48713,https://securityvulnerability.io/vulnerability/CVE-2024-48713,Stack Overflow Vulnerability in TP-Link TL-WDR7660 Router,"A stack overflow vulnerability exists in the TP-Link TL-WDR7660 version 1.0 due to inadequate validation of the parameter string in the wacWhitelistJsonToBin function. This oversight can be exploited by an attacker to craft malicious input, potentially leading to denial of service or remote code execution. It is essential for users of this device to implement security measures and stay updated with the latest firmware to mitigate risks.",TP-Link,TL-WDR7660,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-15T21:15:00.000Z,0
CVE-2024-48714,https://securityvulnerability.io/vulnerability/CVE-2024-48714,Stack Overflow Vulnerability in TP-Link TL-WDR7660 Router,"The TP-Link TL-WDR7660 v1.0 is exposed to a stack overflow vulnerability due to inadequate validation of the parameter string name in the guestRuleJsonToBin function. This oversight allows malicious actors to exploit the flaw, potentially leading to unauthorized access and control over the device. It is crucial for users to be aware of this risk to implement necessary security measures and ensure the integrity of their network.",TP-Link,TL-WDR7660,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-15T21:15:00.000Z,0
CVE-2024-48712,https://securityvulnerability.io/vulnerability/CVE-2024-48712,Stack Overflow Vulnerability in TP-Link Routers,"In the TP-Link TL-WDR7660 version 1.0, a vulnerability exists in the rtRuleJsonToBin function, which processes parameter string names without adequate validation. This oversight may allow attackers to exploit the router's stack, potentially leading to unauthorized access or system crashes.",TP-Link,TL-WDR7660,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-15T21:15:00.000Z,0
CVE-2024-46325,https://securityvulnerability.io/vulnerability/CVE-2024-46325,Stack Overflow Vulnerability in TP-Link Router WR740N V6,"The TP-Link WR740N V6 router is exposed to a stack overflow vulnerability that can be exploited through the 'ssid' parameter in the URL /userRpm/popupSiteSurveyRpm.htm. This security flaw can allow an attacker to potentially execute arbitrary code, impacting the integrity and confidentiality of network communications. Users should ensure their firmware is updated and follow best practices for network security.",TP-Link,WR740N V6,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-07T13:15:00.000Z,0
CVE-2024-46486,https://securityvulnerability.io/vulnerability/CVE-2024-46486,TP-LINK TL-WDR5620 v2.3 vulnerable to remote code execution,TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.,TP-LINK,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-04T17:15:00.000Z,0
CVE-2024-35495,https://securityvulnerability.io/vulnerability/CVE-2024-35495,Information Disclosure Vulnerability in TP-Link Devices Allows Attackers to Observe Device State via Network Traffic,An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing network traffic.,TP-Link,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-09-30T18:15:00.000Z,0
CVE-2024-46549,https://securityvulnerability.io/vulnerability/CVE-2024-46549,Impersonation of Devices Allows Attacks in TP-Link MQTT Broker and API Gateway,An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.,TP-Link,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-09-30T17:15:00.000Z,0
CVE-2024-46548,https://securityvulnerability.io/vulnerability/CVE-2024-46548,Vulnerability in TP-Link Devices Allows for Eavesdropping and Data Access,"TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middle attack.",TP-Link,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-09-30T17:15:00.000Z,0
CVE-2024-46313,https://securityvulnerability.io/vulnerability/CVE-2024-46313,Stack Overflow Vulnerability Affects TP-Link WR941ND V6,TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.,TP-Link,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-09-30T15:15:00.000Z,0