tp-link

535 tracked vulnerabilities.

CVE-2026-1315 HIGH
TP-Link Tapo C220 and C520WS Firmware - Unauthenticated Denial of Service via Firmware Update Endpoint
Jan 27, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-0919 HIGH
TP-Link Tapo C210 v3 C220 v1 C520WS v2 - Unauthenticated Denial of Service via Long URL Path
Jan 27, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-0918 HIGH
TP-Link Tapo C100 v5 C220 v1 C520WS v2 - Unauthenticated Denial of Service via Large Content-Length Header
Jan 27, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-0834 HIGH
TP-Link Archer C20 v5/v6, AX53 v1, TL-WR841N v13 - Unauthenticated RCE via TDDP
Jan 21, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-15606 HIGH
Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N
Mar 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-15605 HIGH
Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-15519 HIGH
Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 7.2
EPSS 0.01
CVE-2025-15518 HIGH
Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 7.2
EPSS 0.01
CVE-2025-15517 HIGH
Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600
Mar 23, 2026
CVSS 8.1
EPSS 0.03
CVE-2025-15608 CRITICAL
Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53
Mar 20, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-15607 CRITICAL
Authenticated Command Injection in mcsd Service of TP-Link Archer AX53
Mar 20, 2026
CVSS 9.8
EPSS 0.02
CVE-2025-15568 HIGH
Archer AXE75 v1.6/v1.0 - Command Injection
Mar 09, 2026
CVSS 8.0
EPSS 0.01
CVE-2025-7375 MEDIUM
Omada EAP610 Firmware < 1.6.0 - Denial of Service via Crafted HTTP Requests
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-9293 HIGH
Certificate Validation Logic - Info Disclosure
Feb 13, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-9292 HIGH
TP-Link Omada Cloud Controller - Permissive Cross-domain Security Policy with Untrusted Domains
Feb 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-15557 HIGH
TP-Link Tapo H100 < 1.6.1 and Tapo P100 < 1.2.6 - Improper Certificate Validation
Feb 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-15551 MEDIUM
TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, TL-WR845N v4 - RCE
Feb 05, 2026
CVSS 5.6
EPSS 0.00
CVE-2025-62673 HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Build 20241120 - Heap-based Buffer Overflow via Malformed Network Packet
Feb 03, 2026
CVSS 8.0
EPSS 0.01
CVE-2025-62501 HIGH
TP-Link Archer AX53 <1.3.1 - Info Disclosure
Feb 03, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-62405 HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Build 20241120 - Authenticated Heap-based Buffer Overflow via tmpserver Module
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-62404 HIGH
TP-Link Archer AX53 v1.0 <= 1.3.1 Build 20241120 - Authenticated Heap-based Buffer Overflow in tmpserver Module
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-61983 HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Build 20241120 - Authenticated Heap-based Buffer Overflow via tmpserver Network Packet
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-61944 HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Build 20241120 - Authenticated Heap-based Buffer Overflow via tmpserver Module
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-59487 HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Heap-based Buffer Overflow via tmpserver Packet
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-59482 HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Build 20241120 - Authenticated Heap-based Buffer Overflow via tmpserver Network Packet
Feb 03, 2026
CVSS 8.0
EPSS 0.00