tp-link
535 tracked vulnerabilities.
CVE-2025-58455
HIGH
TP-Link Archer AX53 <1.3.1 - Buffer Overflow
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-58077
HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Build 20241120 - Authenticated Heap-based Buffer Overflow via tmpserver Module
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-15548
MEDIUM
TP-Link VX800v Firmware < 800.0.18 - Missing Encryption of Sensitive Data in Web Interface
Jan 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-15543
MEDIUM
TP-Link VX800v Firmware < 800.0.11 - Improper Link Resolution in USB HTTP Access Path
Jan 29, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-15542
MEDIUM
TP-Link VX800v Firmware < 800.0.12 - Denial of Service via SIP INVITE Flood
Jan 29, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-15541
MEDIUM
TP-Link VX800v Firmware < 800.0.11 - Authenticated Symbolic Link Resolution
Jan 29, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-13399
HIGH
TP-Link VX800v Firmware < 800.0.11 - Unauthenticated Weak AES Key Brute Force in Web Interface
Jan 29, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-15545
MEDIUM
TP-Link Archer RE605X Firmware <= 1.2.10 - Command Injection via Backup Restore
Jan 29, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-9522
MEDIUM
TP-Link Omada Controllers - Webhook Server-Side Request Forgery
Jan 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-9521
MEDIUM
Omada Controllers - Privilege Escalation
Jan 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-9520
MEDIUM
TP-Link Omada Controllers - Administrator IDOR Owner Account Hijack
Jan 26, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-14756
HIGH
TP-Link Archer MR600 v5 - Command Injection
Jan 26, 2026
CVSS 8.8
EPSS 0.03
CVE-2025-9290
MEDIUM
TP-Link Omada Controller and Devices - Authentication Bypass via Predictable Salt in Adoption Traffic
Jan 23, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-9289
MEDIUM
TP-Link Omada Controller < 6.0.0.24 - Stored Cross-Site Scripting
Jan 22, 2026
CVSS 4.7
EPSS 0.00
CVE-2025-9014
HIGH
TP-Link TL-WR841N v14 < 250908 - Unauthenticated Denial of Service via Referer Header Check
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-15035
HIGH
TP-Link Archer AXE75 v1.6 - Privilege Escalation
Jan 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-14631
MEDIUM
TP-Link Archer BE400 < 1.1.0 - Denial of Service via NULL Pointer Dereference
Jan 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14175
MEDIUM
TP-Link TL-WR820N v2.80 - Info Disclosure
Dec 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-8065
MEDIUM
TP-Link Tapo C200 V3 < V3_1.4.5 & C520WS v2.6 < 1.2.4 - RCE via ONVIF SOAP XML Prefix Overflow
Dec 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14300
HIGH
Tapo C200 V3 < V3_1.4.5 Build 251104 - Unauthenticated Denial of Service via connectAP Interface
Dec 20, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-14299
MEDIUM
Tapo C200 V3 Firmware - Unauthenticated Denial of Service via HTTPS Content-Length Header Overflow
Dec 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14738
HIGH
TP-Link TL-WA850RE Firmware < 160527 - Unauthenticated Configuration File Disclosure
Dec 18, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-14737
HIGH
TP-Link TL-WA850RE Firmware < 160527 - Authenticated OS Command Injection
Dec 18, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-7851
CRITICAL
Omada gateway - Privilege Escalation
Oct 21, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-7850
HIGH
TP-Link Omada Gateways - Authenticated OS Command Injection
Oct 21, 2025
CVSS 7.2
EPSS 0.02
Products
tl-wr841n_firmware 39
tl-wr886n_firmware 39
er5110g_firmware 25
er5120g_firmware 25
er5510g_firmware 25
er5520g_firmware 25
r4149g_firmware 25
r4239g_firmware 25
r4299g_firmware 25
r473_firmware 25
r473g_firmware 25
r473gp-ac_firmware 25
r473p-ac_firmware 25
r478\+_firmware 25
r478_firmware 25
r478g\+_firmware 25
r483_firmware 25
r483g_firmware 25
r488_firmware 25
war1300l_firmware 25
war1750l_firmware 25
war2600l_firmware 25
war302_firmware 25
war450_firmware 25
war450l_firmware 25
war458_firmware 25
war458l_firmware 25
war900l_firmware 25
wvr1300g_firmware 25
wvr1300l_firmware 25
Quick Filters