Vulnerabilities in TP-Link

112 results
CVE-2025-40634 [CRITICAL] Stack-based buffer overflow in TP-Link Archer AX50 (EPSS 0.6%)
CVE-2023-50225 [MEDIUM] TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability (EPSS 0.5%)
CVE-2024-21773 [HIGH] Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute (EPSS 0.5%)
CVE-2024-5228 [HIGH] TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability (EPSS 0.5%)
CVE-2023-36489 Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are (EPSS 0.5%)
CVE-2023-38563 Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allo (EPSS 0.5%)
CVE-2018-15702 The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. (EPSS 0.5%)
CVE-2024-21821 [HIGH] Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute a (EPSS 0.4%)
CVE-2023-38568 Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS (EPSS 0.4%)
CVE-2023-40357 [HIGH] Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are a (EPSS 0.4%)
CVE-2025-0729 [MEDIUM] TP-Link TL-SG108E clickjacking (EPSS 0.4%)
CVE-2023-31188 [HIGH] Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are a (EPSS 0.4%)
CVE-2023-38588 [HIGH] Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary O (EPSS 0.4%)
CVE-2024-38471 [MEDIUM] Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a (EPSS 0.4%)
CVE-2023-37284 Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthen (EPSS 0.4%)
CVE-2023-40193 Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitra (EPSS 0.4%)
CVE-2023-39935 Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary O (EPSS 0.4%)
CVE-2023-40531 Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to exe (EPSS 0.4%)
CVE-2023-39224 Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated at (EPSS 0.4%)
CVE-2024-5244 [MEDIUM] TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability (EPSS 0.3%)