Refine your search
12 vulnerabilities found for by TP-Link Systems Inc.
CVE-2025-14300 (GCVE-0-2025-14300)
Vulnerability from cvelistv5
Published
2025-12-20 00:43
Modified
2025-12-22 16:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Tapo C200 V3 |
Version: 0 < C200(US)_V3_1.4.5 Build 251104 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:11:04.458399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:12:08.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"ONVIF Server"
],
"product": "Tapo C200 V3",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "C200(US)_V3_1.4.5 Build 251104",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simone Margaritelli (evilsocket)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device\u2019s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS).\u003cbr\u003e"
}
],
"value": "The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device\u2019s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service (DoS)."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-20T00:43:39.476Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"
},
{
"url": "https://www.tp-link.com/us/support/faq/4849/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Access to connectAP API Endpoint on Tapo C200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-14300",
"datePublished": "2025-12-20T00:43:39.476Z",
"dateReserved": "2025-12-08T22:05:13.804Z",
"dateUpdated": "2025-12-22T16:12:08.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14299 (GCVE-0-2025-14299)
Vulnerability from cvelistv5
Published
2025-12-20 00:42
Modified
2025-12-22 16:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Tapo C200 V3 |
Version: 0 < C200(US)_V3_1.4.5 Build 251104 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:08:41.801519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:08:54.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"HTTPS Server"
],
"product": "Tapo C200 V3",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "C200(US)_V3_1.4.5 Build 251104",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simone Margaritelli (evilsocket)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).\u003cbr\u003e"
}
],
"value": "The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS)."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-20T00:42:43.806Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"
},
{
"url": "https://www.tp-link.com/us/support/faq/4849/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Content-Length Validation in HTTPS Requests on Tapo C200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-14299",
"datePublished": "2025-12-20T00:42:43.806Z",
"dateReserved": "2025-12-08T22:05:00.941Z",
"dateUpdated": "2025-12-22T16:08:54.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8065 (GCVE-0-2025-8065)
Vulnerability from cvelistv5
Published
2025-12-20 00:41
Modified
2025-12-22 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | Tapo C200 V3 |
Version: 0 < C200(US)_V3_1.4.5 Build 251104 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-22T16:07:36.027962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T16:07:49.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"ONVIF Server"
],
"product": "Tapo C200 V3",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "C200(US)_V3_1.4.5 Build 251104",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Simone Margaritelli (evilsocket)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS).\u003cbr\u003e"
}
],
"value": "A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-service (DoS)."
}
],
"impacts": [
{
"capecId": "CAPEC-770",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-770 Allocation of Resources Without Limits or Throttling"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-20T00:41:56.823Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"url": "https://www.tp-link.com/us/support/download/tapo-c200/v3/#Firmware-Release-Notes"
},
{
"url": "https://www.tp-link.com/us/support/faq/4849/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow in ONVIF XML Parser on Tapo C200",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-8065",
"datePublished": "2025-12-20T00:41:56.823Z",
"dateReserved": "2025-07-22T21:23:25.432Z",
"dateUpdated": "2025-12-22T16:07:49.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14739 (GCVE-0-2025-14739)
Vulnerability from cvelistv5
Published
2025-12-18 18:02
Modified
2025-12-19 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-824 - Access of Uninitialized Pointer
Summary
Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack
and potentially arbitrary code execution
under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316,
≤
WR941ND v6 3.16.9 Build 151203.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | WR940N and WR941ND |
Version: 0 < Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14739",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:46.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WR940N and WR941ND",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThanOrEqual": "WR940N v5 3.20.1 Build 200316",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "WR941ND v6 3.16.9 Build 151203",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "VulnCheck"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows\u0026nbsp;local unauthenticated attackers the ability to execute DoS attack \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eand potentially arbitrary code execution\u003c/span\u003e\n\nunder the context of the \u2018root\u2019 user.\u003cp\u003eThis issue affects WR940N and WR941ND: \u2264 WR940N v5 3.20.1 Build 200316, \n\n\u2264\n\n WR941ND v6 3.16.9 Build 151203.\u003c/p\u003e"
}
],
"value": "Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows\u00a0local unauthenticated attackers the ability to execute DoS attack \n\nand potentially arbitrary code execution\n\nunder the context of the \u2018root\u2019 user.This issue affects WR940N and WR941ND: \u2264 WR940N v5 3.20.1 Build 200316, \n\n\u2264\n\n WR941ND v6 3.16.9 Build 151203."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:37:03.298Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"url": "https://www.tp-link.com/us/support/download/tl-wr941nd/#Firmware"
},
{
"url": "https://www.tp-link.com/us/support/download/tl-wr940n/v5/#Firmware"
},
{
"url": "https://blog.exodusintel.com/2022/06/23/tp-link-wr940n-wr941nd-uninitialized-pointer-vulnerability/"
},
{
"url": "https://www.tp-link.com/us/support/faq/4848/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-14739",
"datePublished": "2025-12-18T18:02:04.697Z",
"dateReserved": "2025-12-15T18:35:29.224Z",
"dateUpdated": "2025-12-19T04:55:46.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14738 (GCVE-0-2025-14738)
Vulnerability from cvelistv5
Published
2025-12-18 18:01
Modified
2025-12-18 19:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527,
≤
WA850RE V3_160922.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | WA850RE |
Version: 0 < Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T18:16:59.276664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:17:06.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"httpd"
],
"product": "WA850RE",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThanOrEqual": "WA850RE V2_160527",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "WA850RE V3_160922",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "VulnCheck"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.\u003cp\u003eThis issue affects: \u2264 WA850RE V2_160527,\n\n \u2264 \n\n WA850RE V3_160922.\u003c/p\u003e"
}
],
"value": "Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: \u2264 WA850RE V2_160527,\n\n \u2264 \n\n WA850RE V3_160922."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:36:35.120Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"url": "https://www.tp-link.com/us/support/download/tl-wa850re/v2/#Firmware"
},
{
"url": "https://www.tp-link.com/us/support/download/tl-wa850re/v3/#Firmware"
},
{
"url": "https://blog.exodusintel.com/2022/06/23/tp-link-wa850re-unauthenticated-configuration-disclosure-vulnerability/"
},
{
"url": "https://www.tp-link.com/us/support/faq/4848/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Configuration Disclosure Vulnerability in TP-Link WA850RE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-14738",
"datePublished": "2025-12-18T18:01:18.875Z",
"dateReserved": "2025-12-15T18:35:27.840Z",
"dateUpdated": "2025-12-18T19:36:35.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14737 (GCVE-0-2025-14737)
Vulnerability from cvelistv5
Published
2025-12-18 18:00
Modified
2025-12-19 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: ≤ WA850RE V2_160527,
≤
WA850RE V3_160922.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TP-Link Systems Inc. | WA850RE |
Version: 0 < Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T04:55:47.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"httpd"
],
"product": "WA850RE",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThanOrEqual": "WA850RE V2_160527",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "WA850RE V3_160922",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "VulnCheck"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.\u003cp\u003eThis issue affects: \u2264 WA850RE V2_160527, \n\n\u2264 \n\nWA850RE V3_160922.\u003c/p\u003e"
}
],
"value": "Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands.This issue affects: \u2264 WA850RE V2_160527, \n\n\u2264 \n\nWA850RE V3_160922."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:35:50.886Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"url": "https://www.tp-link.com/us/support/download/tl-wa850re/v2/#Firmware"
},
{
"url": "https://www.tp-link.com/us/support/download/tl-wa850re/v3/#Firmware"
},
{
"url": "https://blog.exodusintel.com/2022/06/23/tp-link-wa850re-remote-command-injection-vulnerability/"
},
{
"url": "https://www.tp-link.com/us/support/faq/4848/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Command Injection Vulnerability in TP-Link WA850RE",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-14737",
"datePublished": "2025-12-18T18:00:29.533Z",
"dateReserved": "2025-12-15T18:35:26.252Z",
"dateUpdated": "2025-12-19T04:55:47.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14553 (GCVE-0-2025-14553)
Vulnerability from cvelistv5
Published
2025-12-16 18:38
Modified
2025-12-17 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Tapo C210 |
Version: 0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:09:57.442313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:10:54.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Application"
],
"platforms": [
"Android"
],
"product": "Tapo C210",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.6",
"status": "affected",
"version": "0",
"versionType": "3.1.6"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"Application"
],
"platforms": [
"iOS"
],
"product": "Tapo C210",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "3.1.601",
"status": "affected",
"version": "0",
"versionType": "3.1.601"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juraj Ny\u00edri"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network.\u0026nbsp;Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
}
],
"value": "Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network.\u00a0Issue can be mitigated through mobile application updates. Device firmware remains unchanged."
}
],
"impacts": [
{
"capecId": "CAPEC-55",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-55 Rainbow Table Password Cracking"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:42:38.428Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"url": "https://apps.apple.com/us/app/tp-link-tapo/id1472718009"
},
{
"url": "https://play.google.com/store/apps/details?id=com.tplink.iot"
},
{
"url": "https://www.tp-link.com/us/support/faq/4840/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Password Hash Leak Could Lead to Unauthorized Access on Tapo 210 via Local Network",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-14553",
"datePublished": "2025-12-16T18:38:08.805Z",
"dateReserved": "2025-12-11T22:58:26.015Z",
"dateUpdated": "2025-12-17T19:42:38.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7851 (GCVE-0-2025-7851)
Vulnerability from cvelistv5
Published
2025-10-21 00:29
Modified
2025-10-24 17:00
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada gateways |
Version: 0 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T14:07:19.825502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T14:07:59.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Omada gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "ER8411 1.3.3, ER7412-M2 1.1.0, ER707-M2 1.3.1, ER7206 2.2.2, ER605 2.3.1, ER706W 1.2.1, ER706W-4G 1.2.1, ER7212PC 2.1.3",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Festa gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "FR365 1.1.10, FR205 1.0.3, FR307 1.2.5",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Pro gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "G36 1.1.4, G611 1.2.2",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stanislav Dashevskyi and Francesco La Spina of Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eAn attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T17:00:06.753Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/en/document/108456/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/all-omada-router/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/us/business-networking/soho-festa-gateway/"
},
{
"url": "https://www.forescout.com/blog/new-tp-link-router-vulnerabilities-a-primer-on-rooting-routers/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized root access via debug functionality",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-7851",
"datePublished": "2025-10-21T00:29:05.809Z",
"dateReserved": "2025-07-18T21:49:12.159Z",
"dateUpdated": "2025-10-24T17:00:06.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7850 (GCVE-0-2025-7850)
Vulnerability from cvelistv5
Published
2025-10-21 00:28
Modified
2025-10-24 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada gateways |
Version: 0 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T14:09:38.276316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T14:10:11.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Omada gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "ER8411 1.3.3, ER7412-M2 1.1.0, ER707-M2 1.3.1, ER7206 2.2.2, ER605 2.3.1, ER706W 1.2.1, ER706W-4G 1.2.1, ER7212PC 2.1.3",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Festa gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "FR365 1.1.10, FR205 1.0.3, FR307 1.2.5",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Pro gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "G36 1.1.4, G611 1.2.2",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stanislav Dashevskyi and Francesco La Spina of Forescout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA command injection vulnerability may be exploited after the admin\u0027s authentication on the web portal on Omada gateways.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A command injection vulnerability may be exploited after the admin\u0027s authentication on the web portal on Omada gateways."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T16:59:25.310Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/en/document/108456/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/all-omada-router/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/us/business-networking/soho-festa-gateway/"
},
{
"url": "https://www.forescout.com/blog/new-tp-link-router-vulnerabilities-a-primer-on-rooting-routers/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated OS command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-7850",
"datePublished": "2025-10-21T00:28:11.589Z",
"dateReserved": "2025-07-18T21:49:10.486Z",
"dateUpdated": "2025-10-24T16:59:25.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6542 (GCVE-0-2025-6542)
Vulnerability from cvelistv5
Published
2025-10-21 00:23
Modified
2025-10-21 14:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada gateways |
Version: 0 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T14:14:50.370895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T14:15:13.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Omada gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "ER8411 1.3.3, ER7412-M2 1.1.0, ER707-M2 1.3.1, ER7206 2.2.2, ER605 2.3.1, ER706W 1.2.1, ER706W-4G 1.2.1, ER7212PC 2.1.3",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Festa gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "FR365 1.1.10, FR205 1.0.3, FR307 1.2.5",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Pro gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "G36 1.1.4, G611 1.2.2",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary OS command may be executed on the product by a remote unauthenticated attacker."
}
],
"value": "An arbitrary OS command may be executed on the product by a remote unauthenticated attacker."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T01:16:09.887Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/en/document/108455/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/all-omada-router/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/us/business-networking/soho-festa-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS command injection in multiple parameters",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-6542",
"datePublished": "2025-10-21T00:23:08.908Z",
"dateReserved": "2025-06-23T17:48:10.419Z",
"dateUpdated": "2025-10-21T14:15:13.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6541 (GCVE-0-2025-6541)
Vulnerability from cvelistv5
Published
2025-10-21 00:21
Modified
2025-10-21 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Omada gateways |
Version: 0 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T13:56:36.534414Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T13:57:51.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Omada gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "ER8411 1.3.3, ER7412-M2 1.1.0, ER707-M2 1.3.1, ER7206 2.2.2, ER605 2.3.1, ER706W 1.2.1, ER706W-4G 1.2.1, ER7212PC 2.1.3",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Festa gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "FR365 1.1.10, FR205 1.0.3, FR307 1.2.5",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Omada Pro gateways",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "G36 1.1.4, G611 1.2.2",
"status": "affected",
"version": "0",
"versionType": "Firmware"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An arbitrary OS command may be executed on the product by the user who can log in to the web management interface."
}
],
"value": "An arbitrary OS command may be executed on the product by the user who can log in to the web management interface."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T00:21:42.535Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.omadanetworks.com/en/document/108455/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/all-omada-router/"
},
{
"tags": [
"product"
],
"url": "https://www.omadanetworks.com/us/business-networking/omada-pro-router-wired-router/"
},
{
"tags": [
"product"
],
"url": "https://www.tp-link.com/us/business-networking/soho-festa-gateway/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS command injection using information obtained from the web management interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-6541",
"datePublished": "2025-10-21T00:21:42.535Z",
"dateReserved": "2025-06-23T17:48:07.425Z",
"dateUpdated": "2025-10-21T13:57:51.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9377 (GCVE-0-2025-9377)
Vulnerability from cvelistv5
Published
2025-08-29 17:30
Modified
2025-10-21 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TP-Link Systems Inc. | Archer C7(EU) V2 |
Version: 0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9377",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T03:55:24.199487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9377"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:20.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-9377"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-03T00:00:00+00:00",
"value": "CVE-2025-9377 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Archer C7(EU) V2",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "241108",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
},
{
"defaultStatus": "unaffected",
"product": "TL-WR841N/ND(MS) V9",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "241108",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe authenticated remote command execution (RCE) vulnerability exists in the Parental Control page\u0026nbsp;on\u0026nbsp;TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.\u003c/div\u003e\u003cp\u003eThis issue affects Archer C7(EU) V2: before 241108 and\u0026nbsp;TL-WR841N/ND(MS) V9: before 241108.\u003c/p\u003e\u003cp\u003eBoth products have reached the status of EOL \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(end-of-life).\u003c/span\u003e\nIt\u0027s recommending to \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003epurchase the new \nproduct to ensure better performance and security. If replacement is not\n an option in the short term, please use the second reference link to \ndownload and install the patch(es).\n\n\u003c/span\u003e\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page\u00a0on\u00a0TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.\n\nThis issue affects Archer C7(EU) V2: before 241108 and\u00a0TL-WR841N/ND(MS) V9: before 241108.\n\nBoth products have reached the status of EOL (end-of-life).\nIt\u0027s recommending to \n\npurchase the new \nproduct to ensure better performance and security. If replacement is not\n an option in the short term, please use the second reference link to \ndownload and install the patch(es)."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T17:30:33.700Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4365/"
},
{
"tags": [
"patch",
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/4308/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Authenticated RCE via Parental Control command injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2025-9377",
"datePublished": "2025-08-29T17:30:33.700Z",
"dateReserved": "2025-08-23T00:15:09.238Z",
"dateUpdated": "2025-10-21T22:45:20.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}