Tp Link
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Tp Link product.
RSS Feeds for Tp Link security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Tp Link products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Tp Link Sorted by Most Security Vulnerabilities since 2018
Known Exploited Tp Link Vulnerabilities
The following Tp Link vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability |
TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2023-50224 Exploit Probability: 1.5% |
September 3, 2025 |
| TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability |
TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2025-9377 Exploit Probability: 15.6% |
September 3, 2025 |
| TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability |
TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2020-24363 Exploit Probability: 11.8% |
September 2, 2025 |
| TP-Link Multiple Routers Command Injection Vulnerability |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. CVE-2023-33538 Exploit Probability: 91.3% |
June 16, 2025 |
| TP-Link Archer AX-21 Command Injection Vulnerability |
TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. CVE-2023-1389 Exploit Probability: 93.5% |
May 1, 2023 |
| TP-Link Multiple Archer Devices Directory Traversal Vulnerability |
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. CVE-2015-3035 Exploit Probability: 92.9% |
March 25, 2022 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 58 vulnerabilities in Tp Link. Last year, in 2025 Tp Link had 31 security vulnerabilities published. That is, 27 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 58 | 0.00 |
| 2025 | 31 | 7.31 |
| 2024 | 58 | 7.46 |
| 2023 | 39 | 8.55 |
| 2022 | 11 | 7.00 |
| 2021 | 0 | 0.00 |
| 2020 | 12 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 7 | 9.80 |
It may take a day or so for new Tp Link vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tp Link Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-3227 | Mar 13, 2026 |
TP-Link Router Config Import Command InjectionA command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing. Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise. |
|
| CVE-2026-1668 | Mar 13, 2026 |
Omada Switch Web Interface RCE via Unvalidated InputThe web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service. |
|
| CVE-2026-3841 | Mar 12, 2026 |
TL-MR6400 v5.3 CLI Command Injection Allows Full Device CompromiseA command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute arbitrary system commands. Successful exploitation may lead to full device compromise, including potential loss of confidentiality, integrity, and availability. |
|
| CVE-2025-15568 | Mar 09, 2026 |
Archer AXE75 Web Module Command Injection (v1.6/1.0) RCE in sysmode=apA command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107. |
|
| CVE-2025-7375 | Mar 05, 2026 |
Omada EAP610 HTTP DoS via crafted requests (v<1.6.0) TP-LinkA denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the devices HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0. |
|
| CVE-2026-0654 | Mar 02, 2026 |
TP-Link Deco BE25 v1.0/1.1.1 OS Command Injection via Admin WebImproper input handling in the administration web interface on TP-Link Deco BE25 v1.0 allows crafted input to be executed as part of an OS command. An authenticated adjacent attacker may execute arbitrary commands via crafted configuration file, impacting confidentiality, integrity and availability of the device. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. |
|
| CVE-2026-0655 | Mar 02, 2026 |
TP-Link Deco BE25 1.0-1.1.1 Path Traversal via Web ModulesImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. |
|
| CVE-2025-9293 | Feb 13, 2026 |
TLS Cert Validation Flaw Enabling Acceptance of Untrusted Server IdentitiesA vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the communication channel. Successful exploitation may compromise confidentiality, integrity, and availability of application data. |
Tapo
Omada
Festa
|
| CVE-2025-9292 | Feb 13, 2026 |
TP-Link Omada Cloud Controller CORS BypassA permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful exploitation could allow unauthorized disclosure of sensitive information. Fixed in updated Omada Cloud Controller service versions deployed automatically by TPLink. No user action is required. |
Omada
|
| CVE-2026-1571 | Feb 11, 2026 |
Arbitrary JS execution via reflected XSS in TP-Link Archer C60 v3 UIUser-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential theft, session hijacking, or unintended actions if a privileged user is targeted. |
|
| CVE-2026-0651 | Feb 10, 2026 |
TP-Link Tapo C260 v1 Path Traversal via HTTPS GETOn TP-Link Tapo C260 v1 and D235 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code execution possibilities. |
Tapo
|
| CVE-2026-0652 | Feb 10, 2026 |
TP-Link Tapo C260 v1 cmd injection via config sync POST paramOn TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise. |
Tapo
|
| CVE-2026-0653 | Feb 10, 2026 |
Tapo C260 v1 Guest Auth Bypass via Sync Endpoint (CVE-2026-0653)On TP-Link Tapo C260 v1 and D235 v1, a guestlevel authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution. |
Tapo
|
| CVE-2025-15557 | Feb 05, 2026 |
TP-Link Tapo H100/P100 Improper Cert Store CVE-2025-15557An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations. |
Tapo
|
| CVE-2025-15551 | Feb 05, 2026 |
TP-Link MR200 v5.2 eval XSS in Admin Web PortalThe response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge. |
|
| CVE-2025-62673 | Feb 03, 2026 |
TP-Link Archer AX53 v1.01.3.1 Heap Buffer Overflow in tdpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-62501 | Feb 03, 2026 |
TP-Link Archer AX53 SSH Hostkey misconfig allows MITM credential theftSSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted maninthemiddle (MITM) attack. This could enable unauthorized access if captured credentials are reused.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-62405 | Feb 03, 2026 |
Archer AX53 v1.0-1.3.1 Heap Buffer Overflow in tmpserver (CVE-2025-62405)Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-62404 | Feb 03, 2026 |
TP-Link Archer AX53 v1.01.3.1 Heap Overflow tmpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-61983 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0-1.3.1 Heap Buffer Overflow in tmpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zerolength values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-61944 | Feb 03, 2026 |
TP-Link Archer AX53 tmpserver Heap Overflow 1.0-1.3.1 Build 20241120Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zerolength values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-59487 | Feb 03, 2026 |
TP-Link Archer AX53 v1.x tmpserver Heap BOF (CVE-2025-59487)Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-59482 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0-1.3.1: Heap-Overflow in tmpserverHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-58455 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0 Heap BUF Overflow in tmpserver - Auth AttackHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2025-58077 | Feb 03, 2026 |
TP-Link Archer AX53 v1.0 Heap-BO in tmpserver enabling code execHeap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network packets containing an excessive number of host entries This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
|
| CVE-2026-0620 | Feb 03, 2026 |
Archer AXE75 L2TP/IPSec VPN Config Leak Exposes Plaintext TrafficWhen configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality. |
|
| CVE-2026-22228 | Feb 03, 2026 |
DoS via Crafted Config Restore in TP-Link BE230 v1.2 (Pre-1.2.4)An authenticated user with high privileges may trigger a denialofservice condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22220 | Feb 03, 2026 |
TP-Link Archer BE230 v1.2 Web Module DoS via HTTP ValidationA lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the devices web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the devices web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22229 | Feb 02, 2026 |
Command Injection via VPN Import in TP-Link Archer BE230 v1.2A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2 and Deco BE25 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Deco BE25 v1.0: through 1.1.1 Build 20250822. |
|
| CVE-2026-22227 | Feb 02, 2026 |
Cmd Injection in TP-Link Archer BE230 v1.2 Config-Bk Restore < 1.2.4A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22226 | Feb 02, 2026 |
TP-Link Archer BE230 VPN Server cmd Injection <1.2.4A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22225 | Feb 02, 2026 |
Archer BE230 v1.2: VPN ConnSvc Cmd Injection Before v1.2.4A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22224 | Feb 02, 2026 |
TP-Link Archer BE230 v1.2 <1.2.4: Cloud UI CMD INJ Exposed AdminA command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22222 | Feb 02, 2026 |
TP-Link Archer BE230 v1.2 OS Command Injection in web modules pre-1.2.4An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-0631 | Feb 02, 2026 |
TP-Link Archer BE230 1.2 OS Command Injection in VPN modulesAn OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-0630 | Feb 02, 2026 |
OS Command Injection in TP-Link Archer BE230 v1.2 Web Modules (before 1.2.4)An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-22221 | Feb 02, 2026 |
OS Command Injection in TP-Link Archer BE230 v1.2 (vpn modules)An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This CVE covers one of multiple distinct OS command injection issues identified across separate code paths. Although similar in nature, each instance is tracked under a unique CVE ID.This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. |
|
| CVE-2026-1457 | Jan 29, 2026 |
TP-Link VIGI C385 V1 WebAPI Auth Buffer Overflow RCEAn authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges. |
|
| CVE-2025-15548 | Jan 29, 2026 |
TP-Link VX800v v1.0 Web UI Sends Sensitive Info Over Unencrypted HTTPSome VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality. |
|
| CVE-2025-15543 | Jan 29, 2026 |
TP-Link VX800v v1.0: Improper link resolution in USB HTTP path exposes root fsImproper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access readonly access to system files. |
|
| CVE-2025-15542 | Jan 29, 2026 |
TP-Link VX800v v1.0 SIP DoS via INVITE FloodImproper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls. |
|
| CVE-2025-15541 | Jan 29, 2026 |
TP-Link VX800v v1.0 SFTP Improper Link Resolution Allows Local Adjacent AccessImproper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk. |
|
| CVE-2025-13399 | Jan 29, 2026 |
TP-Link VX800v v1.0 Weak AES Key Brute ForceA weakness in the web interfaces application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality, integrity, and availability of transmitted data. |
|
| CVE-2025-15545 | Jan 29, 2026 |
TP-Link Router RCE via Backup Shell Tag InjectionThe backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability. |
|
| CVE-2026-1315 | Jan 27, 2026 |
Tapo C220/C520WS v1/v2: Unauth FW Update DoS via core service terminationBy sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or application initiated restart to restore normal device operation. |
Tapo
|
| CVE-2026-0919 | Jan 27, 2026 |
Tapo Camera HTTP Parser Crash via Long URL => DoSThe HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalidURL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service. |
Tapo
|
| CVE-2026-0918 | Jan 27, 2026 |
Tapo Cameras HTTP Content-Length DOS via Null PointerThe Tapo C220 v1 and C520WS v2 cameras HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable. |
Tapo
|
| CVE-2025-9522 | Jan 26, 2026 |
Blind SSRF via Webhook in TP-Link Omada ControllersBlind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information. |
Omada
|
| CVE-2025-9521 | Jan 26, 2026 |
TP-Link Omada Controller Password Confirmation BypassPassword Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the users password without proper confirmation, leading to weakened account security. |
Omada
|
| CVE-2025-9520 | Jan 26, 2026 |
IDOR in TP-Link Omada Controller Enables Admin to Hijack OwnerAn IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account. |
Omada
|