tp-link
523 tracked vulnerabilities.
CVE-2026-22220
MEDIUM
TP-Link Archer BE230 < 1.2.4 - Denial of Service via HTTP Request
Feb 03, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-22229
HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection via VPN Client Configuration Import
Feb 02, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-22227
HIGH
TP-Link Archer BE230 < 1.2.4 - Authenticated OS Command Injection via Configuration Backup Restoration
Feb 02, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-22226
HIGH
TP-Link Archer BE230 < 1.2.4 - Authenticated OS Command Injection in VPN Server Configuration
Feb 02, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-22225
HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 and AXE75 v1.0 < 1.5.3 - Authenticated OS Command Injection in VPN Connection Service
Feb 02, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-22224
HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection via Cloud Communication Interface
Feb 02, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-22223
HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection
Feb 02, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-22222
HIGH
TP-Link Archer BE230 < 1.2.4 - Authenticated OS Command Injection
Feb 02, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-22221
HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection in VPN Modules
Feb 02, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-0631
HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection in VPN Modules
Feb 02, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-0630
HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 and AXE75 v1.0 < 1.5.3 - Authenticated OS Command Injection
Feb 02, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-1457
HIGH
TP-Link VIGI C385 V1 - Buffer Overflow
Jan 29, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-1315
HIGH
TP-Link Tapo C220 and C520WS Firmware - Unauthenticated Denial of Service via Firmware Update Endpoint
Jan 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0919
HIGH
TP-Link Tapo C210 v3 C220 v1 C520WS v2 - Unauthenticated Denial of Service via Long URL Path
Jan 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0918
HIGH
TP-Link Tapo C100 v5 C220 v1 C520WS v2 - Unauthenticated Denial of Service via Large Content-Length Header
Jan 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0834
HIGH
TP-Link Archer C20 v5/v6, AX53 v1, TL-WR841N v13 - Unauthenticated RCE via TDDP
Jan 21, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-15606
HIGH
Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N
Mar 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-15605
HIGH
Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-15519
HIGH
Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 7.2
EPSS 0.00
CVE-2025-15518
HIGH
Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 7.2
EPSS 0.00
CVE-2025-15517
HIGH
Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-15608
CRITICAL
Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53
Mar 20, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-15607
CRITICAL
Authenticated Command Injection in mcsd Service of TP-Link Archer AX53
Mar 20, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-15568
HIGH
Archer AXE75 v1.6/v1.0 - Command Injection
Mar 09, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-7375
MEDIUM
Omada EAP610 Firmware < 1.6.0 - Denial of Service via Crafted HTTP Requests
Mar 05, 2026
CVSS 6.5
EPSS 0.00
Products
tl-wr886n_firmware 39
tl-wr841n_firmware 38
er5110g_firmware 25
er5120g_firmware 25
er5510g_firmware 25
er5520g_firmware 25
r4149g_firmware 25
r4239g_firmware 25
r4299g_firmware 25
r473_firmware 25
r473g_firmware 25
r473gp-ac_firmware 25
r473p-ac_firmware 25
r478\+_firmware 25
r478_firmware 25
r478g\+_firmware 25
r483_firmware 25
r483g_firmware 25
r488_firmware 25
war1300l_firmware 25
war1750l_firmware 25
war2600l_firmware 25
war302_firmware 25
war450_firmware 25
war450l_firmware 25
war458_firmware 25
war458l_firmware 25
war900l_firmware 25
wvr1300g_firmware 25
wvr1300l_firmware 25
Quick Filters