High
CVSS: 7.1
The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main se…
Medium
CVSS: 5.1
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.
Low
CVSS: 2.1
Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account secur…
High
CVSS: 8.3
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
High
CVSS: 8.5
Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character length via crafted input in the browser dev…
Medium
CVSS: 6.0
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to i…
Medium
CVSS: 5.7
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user…
High
CVSS: 7.2
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the a…
Medium
CVSS: 6.3
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Servi…
Medium
CVSS: 6.9
Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (vpn modules) allows an authenticated adjacent attacker to delete arbitrary server file, leading to possible loss of critical system files and service interruption or degr…
High
CVSS: 7.1
A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows
an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot.
This issue affects Archer BE400: xi 1.1.0 Build 20250710 re…
Medium
CVSS: 6.0
A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise…
High
CVSS: 8.7
A stack-based buffer overflow vulnerability was identified in the ONVIF SOAP XML Parser in Tapo C200 v3 and C520WS v2.6. When processing XML tags with namespace prefixes, the parser fails to validate the prefix length before copying it to a…
High
CVSS: 8.7
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of c…
High
CVSS: 7.1
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive…
Medium
CVSS: 5.7
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527,
≤
WA850RE V3_160922.
High
CVSS: 7.1
Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527,
≤
WA850RE V3_160922.
High
CVSS: 8.7
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
Critical
CVSS: 9.3
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
Critical
CVSS: 9.3
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.