Tp Link
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Tp Link product.
RSS Feeds for Tp Link security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Tp Link products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Tp Link Sorted by Most Security Vulnerabilities since 2018
Known Exploited Tp Link Vulnerabilities
The following Tp Link vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability |
TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2023-50224 Exploit Probability: 1.5% |
September 3, 2025 |
| TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability |
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2025-9377 Exploit Probability: 15.6% |
September 3, 2025 |
| TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability |
TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2020-24363 Exploit Probability: 11.8% |
September 2, 2025 |
| TP-Link Multiple Routers Command Injection Vulnerability |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2023-33538 Exploit Probability: 91.5% |
June 16, 2025 |
| TP-Link Archer AX-21 Command Injection Vulnerability |
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. CVE-2023-1389 Exploit Probability: 93.6% |
May 1, 2023 |
| TP-Link Multiple Archer Devices Directory Traversal Vulnerability |
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. CVE-2015-3035 Exploit Probability: 92.9% |
March 25, 2022 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 78 vulnerabilities in Tp Link. Last year, in 2025 Tp Link had 31 security vulnerabilities published. That is, 47 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 78 | 0.00 |
| 2025 | 31 | 7.29 |
| 2024 | 58 | 7.46 |
| 2023 | 39 | 8.55 |
| 2022 | 11 | 7.00 |
| 2021 | 0 | 0.00 |
| 2020 | 12 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 7 | 9.80 |
It may take a day or so for new Tp Link vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tp Link Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-30818 | Apr 08, 2026 |
OS Command Injection in TP-Link Archer AX53 dnsmasq v1.0 (before 1.7.1)An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute arbitrary code when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow the attacker to modify device configuration, access sensitive information, or further compromise system integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. |
|
| CVE-2026-30817 | Apr 08, 2026 |
Fileread CVE-2026-30817 in TPLink AX53 OpenVPN module before v1.7.1An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary files when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213. |
|
| CVE-2026-30816 | Apr 08, 2026 |
TP-Link AX53 v1.0 OpenVPN Module eXternal Config Control File DisclosureAn external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjacent attacker to read arbitrary file when a malicious configuration file is processed. Successful exploitation may allow unauthorized access to arbitrary files on the device, potentially exposing sensitive information.This issue affects AX53 v1.0: before 1.7.1 Build 20260213. |
|
| CVE-2026-30815 | Apr 08, 2026 |
OpenVPN OS Command Injection in TP-Link Archer AX53 v1.0 (before 1.7.1)An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to execute system commands when a specially crafted configuration file is processed due to insufficient input validation. Successful exploitation may allow modification of configuration files, disclosure of sensitive information, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. |
|
| CVE-2026-30814 | Apr 08, 2026 |
TP-Link Archer AX53 tmpServer Stack Buffer Overflow (v1.0)A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow arbitrary code execution, enabling modification of device state, exposure of sensitive data, or further compromise of device integrity. This issue affects AX53 v1.0: before 1.7.1 Build 20260213. |
|
| CVE-2026-34124 | Apr 02, 2026 |
DoS via HTTP Path Normalization in TP-Link Tapo C520WS v2.6A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot. |
Tapo
|
| CVE-2026-34122 | Apr 02, 2026 |
TP-Link Tapo C520WS v2.6 Stack Buffer Overflow in Config HandlingA stack-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within a configuration handling component due to insufficient input validation. An attacker can exploit this vulnerability by supplying an excessively long value for a vulnerable configuration parameter, resulting in a stack overflow. Successful exploitation results in Denial-of-Service (DoS) condition, leading to a service crash or device reboot, impacting availability. |
Tapo
|
| CVE-2026-34121 | Apr 02, 2026 |
TP-Link Tapo C520WS 2.6 Auth Bypass in DS Config HTTPAn authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an authentication-exempt action to a request containing privileged DS do actions, bypassing authorization checks. Successful exploitation allows unauthenticated execution of restricted configuration actions, which may result in unauthorized modification of device state. |
Tapo
|
| CVE-2026-34120 | Apr 02, 2026 |
Heap Buffer Overflow in TP-Link Tapo C520WS v2.6 Causing DoSA heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the devices process to crash or become unresponsive. |
Tapo
|
| CVE-2026-34119 | Apr 02, 2026 |
TP-Link Tapo C520WS v2.6 HTTP parse heap overflow DoSA heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous writeboundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the devices process to crash or become unresponsive. |
Tapo
|
| CVE-2026-34118 | Apr 02, 2026 |
TP-Link Tapo C520WS v2.6 Heap Buffer Overflow in HTTP POST Parsing (DoS)A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the devices process to crash or become unresponsive. |
Tapo
|
| CVE-2026-4346 | Mar 26, 2026 |
TL-WR850N v3: Cleartext Admin/Wi-Fi Credentials via Weak Serial AuthThe vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the devices flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the routers management password and wireless network key. Successful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network. |
|
| CVE-2026-3622 | Mar 26, 2026 |
TL-WR841N v14 UPnP OOB Read Leading to DoS (CVE-2026-3622)The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and < US_0.9.1.4.19 Build 260312 Rel. 49108n (V14_0304). |
|
| CVE-2025-15606 | Mar 23, 2026 |
TP-Link TD-W8961N v4.0 HTTPD DoS via Improper Input SanitizationA Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition. |
|
| CVE-2025-15605 | Mar 23, 2026 |
TP-Link Archer NX Series Hardcoded Key Allows Config Decryption (CVE-2025-15605)A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data. |
|
| CVE-2025-15519 | Mar 23, 2026 |
TP-Link Archer NX CLI OS Command Injection via Improper InputImproper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device. |
|
| CVE-2025-15518 | Mar 23, 2026 |
TP-Link Archer CLI Command Injection via Wireless-ControlImproper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the operating system, impacting the confidentiality, integrity, and availability of the device. |
|
| CVE-2025-15517 | Mar 23, 2026 |
TP-Link Archer NX Unauth HTTP CGI Firmware Upload (CVE-2025-15517)A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An attacker may perform privileged HTTP actions without authentication, including firmware upload and configuration operations. |
|
| CVE-2025-15608 | Mar 20, 2026 |
TP-Link AX53 v1 - Stack Buffer Overflow RCE via Unsanitized Probe InputThis vulnerability in AX53 v1 results from insufficient input sanitization in the devices probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device. |
|
| CVE-2025-15607 | Mar 20, 2026 |
Command Injection in TP-Link AX53 v1 mscd Debug Enables Full Device CompromiseA command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commands. Successful exploitation may allow execution of malicious commands and ultimately full control of the device. |
|
| CVE-2026-3227 | Mar 13, 2026 |
TP-Link Router Config Import Command InjectionA command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise. |
|
| CVE-2026-1668 | Mar 13, 2026 |
Omada Switch Web Interface RCE via Unvalidated InputThe web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service. |
|
| CVE-2026-3841 | Mar 12, 2026 |
TL-MR6400 v5.3 CLI Command Injection Allows Full Device CompromiseA command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability. |
|
| CVE-2025-15568 | Mar 09, 2026 |
Archer AXE75 Web Module Command Injection (v1.6/1.0) RCE in sysmode=apA command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107. |
|
| CVE-2025-7375 | Mar 05, 2026 |
Omada EAP610 HTTP DoS via crafted requests (v<1.6.0) TP-LinkA denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the devices HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0. |
|
| CVE-2026-0654 | Mar 02, 2026 |
TP-Link Deco BE25 v1.0/1.1.1 OS Command Injection via Admin WebImproper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availability of the device. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. |
|
| CVE-2026-0655 | Mar 02, 2026 |
TP-Link Deco BE25 1.0-1.1.1 Path Traversal via Web ModulesImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. |
|
| CVE-2025-9293 | Feb 13, 2026 |
TLS Cert Validation Flaw Enabling Acceptance of Untrusted Server IdentitiesA vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. |
Tapo
Omada
Festa
And others... |
| CVE-2025-9292 | Feb 13, 2026 |
TP-Link Omada Cloud Controller CORS BypassA permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TPLink. No user action is required. |
Omada
|
| CVE-2026-1571 | Feb 11, 2026 |
Arbitrary JS execution via reflected XSS in TP-Link Archer C60 v3 UIUser-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted. |
|
| CVE-2026-0651 | Feb 10, 2026 |
TP-Link Tapo C260 v1 Path Traversal via HTTPS GETA path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP servers handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker can exploit this logic flaw by supplying crafted, URL encoded traversal sequences that bypass directory restrictions and allow access to files outside the intended web root. Successful exploitation may allow authenticated attackers to get disclosure of sensitive system files and credentials, while unauthenticated attackers may gain access to non-sensitive static assets. |
Tapo
|
| CVE-2026-0652 | Feb 10, 2026 |
TP-Link Tapo C260 v1 cmd injection via config sync POST paramOn TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise. |
Tapo
|
| CVE-2026-0653 | Feb 10, 2026 |
Tapo C260 v1 Guest Auth Bypass via Sync Endpoint (CVE-2026-0653)On TP-Link Tapo C260 v1 and D235 v1, a guestlevel authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution. |
Tapo
|
| CVE-2025-15557 | Feb 05, 2026 |
TP-Link Tapo H100/P100 Improper Cert Store CVE-2025-15557An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations. |
Tapo
|
| CVE-2025-15551 | Feb 05, 2026 |
TP-Link MR200 v5.2 eval XSS in Admin Web PortalThe response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge. |
|
| CVE-2025-62673 | Feb 03, 2026 |
TP-Link Archer AX53 v1.01.3.1 Heap Buffer Overflow in tdpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-62501 | Feb 03, 2026 |
TP-Link Archer AX53 SSH Hostkey misconfig allows MITM credential theftSSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted maninthemiddle (MITM) attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-62405 | Feb 03, 2026 |
Archer AX53 v1.0-1.3.1 Heap Buffer Overflow in tmpserver (CVE-2025-62405)Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-62404 | Feb 03, 2026 |
TP-Link Archer AX53 v1.01.3.1 Heap Overflow tmpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-61983 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0-1.3.1 Heap Buffer Overflow in tmpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zerolength values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-61944 | Feb 03, 2026 |
TP-Link Archer AX53 tmpserver Heap Overflow 1.0-1.3.1 Build 20241120Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zerolength values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-59487 | Feb 03, 2026 |
TP-Link Archer AX53 v1.x tmpserver Heap BOF (CVE-2025-59487)Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-59482 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0-1.3.1: Heap-Overflow in tmpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-58455 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0 Heap BUF Overflow in tmpserver - Auth AttackHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-58077 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0 Heap-BO in tmpserver enabling code execHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2026-0620 | Feb 03, 2026 |
Archer AXE75 L2TP/IPSec VPN Config Leak Exposes Plaintext TrafficWhen configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality. |
|
| CVE-2026-22228 | Feb 03, 2026 |
DoS via Crafted Config Restore in TP-Link BE230 v1.2 (Pre-1.2.4)An authenticated user with high privileges may trigger a denialofservice condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22220 | Feb 03, 2026 |
TP-Link Archer BE230 v1.2 Web Module DoS via HTTP ValidationA lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the devices web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the devices web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22229 | Feb 02, 2026 |
Command Injection via VPN Import in TP-Link Archer BE230 v1.2A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Deco BE25 v1.0: through 1.1.1 Build 20250822. |
|
| CVE-2026-22227 | Feb 02, 2026 |
Cmd Injection in TP-Link Archer BE230 v1.2 Config-Bk Restore < 1.2.4A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |