Tp Link Security Vulnerabilities (CVEs)
Track 153 security vulnerabilities affecting Tp Link products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This is a cross-site scripting (XSS) vulnerability in TP-Link Archer C60 v3 routers where user input is reflected in HTML output without proper encodi...
Feb 11, 2026This vulnerability allows guest-level authenticated users on TP-Link Tapo C260 v1 cameras to bypass access restrictions by sending crafted requests to...
Feb 10, 2026This vulnerability allows attackers on the same local network to probe the TP-Link Tapo C260 v1 camera's filesystem to determine if specific files exi...
Feb 10, 2026This vulnerability allows attackers to execute arbitrary JavaScript code on affected TP-Link router admin portals via Man-in-the-Middle attacks. The r...
Feb 5, 2026An improper certificate validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows attackers on the same network segment to intercept an...
Feb 5, 2026A misconfiguration in TP-Link Archer AX53 v1.0's SSH hostkey implementation allows attackers to perform man-in-the-middle attacks to capture device cr...
Feb 3, 2026A heap-based buffer overflow vulnerability in TP-Link Archer AX53 v1.0 routers allows attackers on the same network to crash the device or potentially...
Feb 3, 2026A heap-based buffer overflow vulnerability in TP-Link Archer AX53 v1.0 routers allows authenticated attackers on the same network to crash the device ...
Feb 3, 2026A heap-based buffer overflow vulnerability in TP-Link Archer AX53 v1.0 routers allows authenticated attackers on the same network to crash the device ...
Feb 3, 2026A heap-based buffer overflow vulnerability in TP-Link Archer AX53 v1.0 routers allows authenticated attackers on the same network to crash the device ...
Feb 3, 2026A heap-based buffer overflow in TP-Link Archer AX53 v1.0's tmpserver modules allows authenticated attackers on the same network to crash the device or...
Feb 3, 2026A heap-based buffer overflow in TP-Link Archer AX53 v1.0's tmpserver modules allows authenticated attackers on the same network to crash the device or...
Feb 3, 2026A heap-based buffer overflow vulnerability in TP-Link Archer AX53 v1.0 routers allows authenticated attackers on the same network to crash the device ...
Feb 3, 2026A heap-based buffer overflow vulnerability in TP-Link Archer AX53 v1.0 routers allows authenticated attackers on the same network to crash the device ...
Feb 3, 2026This CVE describes a heap-based buffer overflow in the tmpserver modules of TP-Link Archer AX53 v1.0 routers. Authenticated attackers on the same loca...
Feb 3, 2026This vulnerability allows a network-adjacent attacker with administrative access to send specially crafted HTTP requests to the TP-Link Archer BE230 r...
Feb 3, 2026An authenticated high-privilege user can cause a denial-of-service condition in TP-Link Archer BE230 routers by restoring a crafted configuration file...
Feb 3, 2026This CVE describes a command injection vulnerability in TP-Link Archer BE230 routers that allows authenticated attackers to execute arbitrary commands...
Feb 2, 2026An OS command injection vulnerability in TP-Link Archer BE230 routers allows adjacent authenticated attackers to execute arbitrary commands. This coul...
Feb 2, 2026This CVE describes an authenticated command injection vulnerability in TP-Link Archer BE230 routers. Attackers with admin access can execute arbitrary...
Feb 2, 2026This CVE describes a command injection vulnerability in the Archer BE230 router's VPN Connection Service that requires admin authentication. Successfu...
Feb 2, 2026A command injection vulnerability in TP-Link Archer BE230 routers allows authenticated attackers to execute arbitrary OS commands via the configuratio...
Feb 2, 2026This CVE describes a command injection vulnerability in TP-Link Archer BE230 routers that allows authenticated attackers to execute arbitrary commands...
Feb 2, 2026An OS command injection vulnerability in TP-Link Archer BE230 routers allows adjacent authenticated attackers to execute arbitrary commands. This coul...
Feb 2, 2026An authenticated OS command injection vulnerability in TP-Link Archer BE230 routers allows attackers on the same network to execute arbitrary commands...
Feb 2, 2026An authenticated OS command injection vulnerability in TP-Link Archer BE230 routers allows attackers on the same network to execute arbitrary commands...
Feb 2, 2026An OS command injection vulnerability in TP-Link Archer BE230 routers allows adjacent authenticated attackers to execute arbitrary commands. Successfu...
Feb 2, 2026A remote, unauthenticated attacker can exploit a null pointer dereference vulnerability in the TP-Link TL-WR841N v14 web portal's referer header check...
Jan 15, 2026This CVE describes a command injection vulnerability in TP-Link WA850RE range extenders' httpd modules. Authenticated attackers on the same network ca...
Dec 18, 2025An improper authentication vulnerability in TP-Link WA850RE Wi-Fi range extenders allows unauthenticated attackers to download the device configuratio...
Dec 18, 2025This critical vulnerability (CVE-2025-6542) allows remote unauthenticated attackers to execute arbitrary operating system commands on affected Omada a...
Oct 21, 2025This vulnerability allows an attacker to gain root shell access on Omada gateway devices under restricted conditions. It affects TP-Link Omada busines...
Oct 21, 2025This vulnerability allows authenticated users of the web management interface to execute arbitrary operating system commands on affected Omada/Tp-Link...
Oct 21, 2025The TP-Link KP303 Smartplug has an authentication bypass vulnerability that allows unauthenticated attackers to send protocol commands. This can cause...
Aug 25, 2025A buffer overflow vulnerability in TP-Link TL-WR841N V11 routers allows remote attackers to crash the web service, causing denial-of-service. The vuln...
Jul 29, 2025A buffer overflow vulnerability in TP-Link TL-WR841N V11 routers allows remote attackers to crash the web service, causing denial-of-service. The vuln...
Jul 29, 2025A buffer overflow vulnerability in TP-Link TL-WR841N V11 routers allows remote attackers to crash the web service by sending specially crafted request...
Jul 29, 2025This vulnerability involves hardcoded root passwords in specific TP-Link router firmware versions, allowing attackers to gain administrative access. A...
Feb 26, 2025This vulnerability allows attackers to bypass authentication on TP-Link Archer C20 routers by adding a specific Referer header to requests targeting i...
Feb 18, 2025A buffer overflow vulnerability exists in TP-Link TL-WR841ND V11 routers via the username and password parameters at /userRpm/PPPoEv6CfgRpm.htm. Attac...
Feb 13, 2025A buffer overflow vulnerability in TP-Link TL-WR841ND V11 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted packe...
Feb 13, 2025A buffer overflow vulnerability in TP-Link TL-WR841ND V11 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted packe...
Feb 13, 2025A buffer overflow vulnerability in TP-Link TL-WR841ND V11 routers allows attackers to cause Denial of Service (DoS) by sending specially crafted packe...
Feb 13, 2025This vulnerability allows remote attackers to execute arbitrary code on TP-Link TL-WPA8630 powerline adapters via command injection in the 'devpwd' pa...
Feb 7, 2025This vulnerability allows authenticated attackers to execute arbitrary code as root on TP-Link TL-WR940N V3/V4 routers via buffer overflow in DNS serv...
Jan 9, 2025This vulnerability in TP-Link TL-WR845N routers transmits user credentials in plaintext after a factory reset, allowing attackers to intercept login c...
Dec 10, 2024TP-Link TL-WR845N routers with specific firmware versions have weak default administrator credentials that are easily guessable. This allows attackers...
Dec 10, 2024A critical buffer overflow vulnerability in TP-Link VN020 F3v(T) routers allows attackers within the local network to execute arbitrary code or cause ...
Dec 8, 2024A critical stack-based buffer overflow vulnerability exists in the DHCP DISCOVER packet parser of TP-Link VN020 F3v(T) routers. Attackers can exploit ...
Nov 15, 2024This vulnerability allows attackers with physical access to extract Wi-Fi credentials stored in plain text within TP-Link IoT Smart Hub firmware. Affe...
Nov 4, 2024Why Monitor Tp Link Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 153+ known vulnerabilities affecting Tp Link products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Tp Link packages in under 60 seconds. No agents required - completely agentless scanning that works across Tp Link deployments.
Free vulnerability database: Access detailed information about every Tp Link CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Tp Link CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
