tp-link

535 tracked vulnerabilities.

CVE-2026-34118 MEDIUM
Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
Apr 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-4346 MEDIUM
Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N
Mar 26, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-3622 HIGH
Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N
Mar 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3227 MEDIUM
Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N
Mar 16, 2026
CVSS 6.8
EPSS 0.01
CVE-2026-1668 CRITICAL
TP-Link Omada Switches - Web Interface Memory Corruption Code Execution
Mar 13, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-3841 HIGH
TP-Link TL-MR6400 v5.3 - Command Injection
Mar 12, 2026
CVSS 8.8
EPSS 0.02
CVE-2026-0655 HIGH
TP-Link Deco BE25 v1.0 - Path Traversal
Mar 02, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-0654 HIGH
TP-Link Deco BE25 v1.0-1.1.1 - Command Injection
Mar 02, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-1571 MEDIUM
TP-Link Archer C60 v3 < 260206 - Reflected Cross-Site Scripting via Crafted URL
Feb 11, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0653 MEDIUM
TP-Link Tapo C260 v1 < 1.1.9 and D235 v1 < 1.2.2 - Authenticated Improper Access Control via Synchronization Endpoint
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0652 HIGH
TP-Link Tapo C260 Firmware < 1.1.9 - Authenticated OS Command Injection via Configuration Synchronization
Feb 10, 2026
CVSS 8.8
EPSS 0.22
CVE-2026-0651 HIGH
TP-Link Tapo C260 v1, D235 v1, C520WS v2.6 - Path Traversal via URL-Encoded GET Requests
Feb 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-22228 MEDIUM
TP-Link Archer BE230 < 1.2.4 - Authenticated Denial of Service via Crafted Configuration File
Feb 03, 2026
CVSS 4.9
EPSS 0.00
CVE-2026-22220 MEDIUM
TP-Link Archer BE230 < 1.2.4 - Denial of Service via HTTP Request
Feb 03, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-22229 HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection via VPN Client Configuration Import
Feb 02, 2026
CVSS 7.2
EPSS 0.02
CVE-2026-22227 HIGH
TP-Link Archer BE230 < 1.2.4 - Authenticated OS Command Injection via Configuration Backup Restoration
Feb 02, 2026
CVSS 7.2
EPSS 0.03
CVE-2026-22226 HIGH
TP-Link Archer BE230 < 1.2.4 - Authenticated OS Command Injection in VPN Server Configuration
Feb 02, 2026
CVSS 7.2
EPSS 0.02
CVE-2026-22225 HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 and AXE75 v1.0 < 1.5.3 - Authenticated OS Command Injection in VPN Connection Service
Feb 02, 2026
CVSS 7.2
EPSS 0.03
CVE-2026-22224 HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection via Cloud Communication Interface
Feb 02, 2026
CVSS 7.2
EPSS 0.03
CVE-2026-22223 HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection
Feb 02, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-22222 HIGH
TP-Link Archer BE230 < 1.2.4 - Authenticated OS Command Injection
Feb 02, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-22221 HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection in VPN Modules
Feb 02, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-0631 HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 - Authenticated OS Command Injection in VPN Modules
Feb 02, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-0630 HIGH
TP-Link Archer BE230 v1.2 < 1.2.4 and AXE75 v1.0 < 1.5.3 - Authenticated OS Command Injection
Feb 02, 2026
CVSS 8.0
EPSS 0.01
CVE-2026-1457 HIGH
TP-Link VIGI C385 V1 - Buffer Overflow
Jan 29, 2026
CVSS 8.8
EPSS 0.07