tp-link

535 tracked vulnerabilities.

CVE-2025-58455 HIGH
TP-Link Archer AX53 <1.3.1 - Buffer Overflow
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-58077 HIGH
TP-Link Archer AX53 v1.0 < 1.3.1 Build 20241120 - Authenticated Heap-based Buffer Overflow via tmpserver Module
Feb 03, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-15548 MEDIUM
TP-Link VX800v Firmware < 800.0.18 - Missing Encryption of Sensitive Data in Web Interface
Jan 29, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-15543 MEDIUM
TP-Link VX800v Firmware < 800.0.11 - Improper Link Resolution in USB HTTP Access Path
Jan 29, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-15542 MEDIUM
TP-Link VX800v Firmware < 800.0.12 - Denial of Service via SIP INVITE Flood
Jan 29, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-15541 MEDIUM
TP-Link VX800v Firmware < 800.0.11 - Authenticated Symbolic Link Resolution
Jan 29, 2026
CVSS 6.3
EPSS 0.00
CVE-2025-13399 HIGH
TP-Link VX800v Firmware < 800.0.11 - Unauthenticated Weak AES Key Brute Force in Web Interface
Jan 29, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-15545 MEDIUM
TP-Link Archer RE605X Firmware <= 1.2.10 - Command Injection via Backup Restore
Jan 29, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-9522 MEDIUM
TP-Link Omada Controllers - Webhook Server-Side Request Forgery
Jan 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-9521 MEDIUM
Omada Controllers - Privilege Escalation
Jan 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-9520 MEDIUM
TP-Link Omada Controllers - Administrator IDOR Owner Account Hijack
Jan 26, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-14756 HIGH
TP-Link Archer MR600 v5 - Command Injection
Jan 26, 2026
CVSS 8.8
EPSS 0.03
CVE-2025-9290 MEDIUM
TP-Link Omada Controller and Devices - Authentication Bypass via Predictable Salt in Adoption Traffic
Jan 23, 2026
CVSS 5.9
EPSS 0.00
CVE-2025-9289 MEDIUM
TP-Link Omada Controller < 6.0.0.24 - Stored Cross-Site Scripting
Jan 22, 2026
CVSS 4.7
EPSS 0.00
CVE-2025-9014 HIGH
TP-Link TL-WR841N v14 < 250908 - Unauthenticated Denial of Service via Referer Header Check
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-15035 HIGH
TP-Link Archer AXE75 v1.6 - Privilege Escalation
Jan 09, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-14631 MEDIUM
TP-Link Archer BE400 < 1.1.0 - Denial of Service via NULL Pointer Dereference
Jan 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14175 MEDIUM
TP-Link TL-WR820N v2.80 - Info Disclosure
Dec 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-8065 MEDIUM
TP-Link Tapo C200 V3 < V3_1.4.5 & C520WS v2.6 < 1.2.4 - RCE via ONVIF SOAP XML Prefix Overflow
Dec 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14300 HIGH
Tapo C200 V3 < V3_1.4.5 Build 251104 - Unauthenticated Denial of Service via connectAP Interface
Dec 20, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-14299 MEDIUM
Tapo C200 V3 Firmware - Unauthenticated Denial of Service via HTTPS Content-Length Header Overflow
Dec 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14738 HIGH
TP-Link TL-WA850RE Firmware < 160527 - Unauthenticated Configuration File Disclosure
Dec 18, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-14737 HIGH
TP-Link TL-WA850RE Firmware < 160527 - Authenticated OS Command Injection
Dec 18, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-7851 CRITICAL
Omada gateway - Privilege Escalation
Oct 21, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-7850 HIGH
TP-Link Omada Gateways - Authenticated OS Command Injection
Oct 21, 2025
CVSS 7.2
EPSS 0.02