TP-Link Systems Inc. — Vulnerabilities & Security Advisories (107)

Browse all 107 CVE security advisories affecting TP-Link Systems Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TP-Link Systems Inc. operates as a leading manufacturer of consumer networking hardware, primarily producing wireless routers, switches, and smart home devices for residential and small business environments. The company’s firmware and web management interfaces have historically been susceptible to critical vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These weaknesses often stem from insufficient input validation and hardcoded credentials within embedded web servers, allowing attackers to gain unauthorized administrative access or execute arbitrary commands on affected devices. Notable incidents include the discovery of backdoors in specific router models and widespread exploitation of unpatched RCE vulnerabilities that facilitated botnet recruitment. With over 100 CVEs on record, the firm faces ongoing scrutiny regarding its patch management lifecycle and the security of its IoT ecosystem, necessitating rigorous updates to mitigate persistent risks associated with its extensive global user base.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5039 | Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N | TL-WL841N v13 | CWE-1394 | 8.8 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-5363 | Use of weak cryptographic key in TP-Link Archer C7 | Archer C7 v5 and v5.8 | CWE-326 | 7.5 (AI) | High (AI) | 2026-04-15 |
| CVE-2026-30818 | OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53 | AX53 v1.0 | CWE-78 | 8.0 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-30817 | Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53 | AX53 v1.0 | CWE-15 | 5.7 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-30816 | Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53 | AX53 v1.0 | CWE-15 | 5.7 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-30815 | OS Command Injection Vulnerability in OpenVPN Module in TP-Link AX53 | AX53 v1.0 | CWE-78 | 8.0 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-30814 | Buffer Overflow Vulnerability in TP-Link AX53 | AX53 v1.0 | CWE-121 | 8.0 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34124 | Denial of Service via Path Expansion Overflow in HTTP Service in TP-Link Tapo C520WS | Tapo C520WS v2.6 | CWE-120 | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34122 | Stack-based Buffer Overflow Leading to Denial of Service in TP-Link Tapo C520WS | Tapo C520WS v2.6 | CWE-121 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-34121 | Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS | Tapo C520WS v2.6 | CWE-287 | 5.3 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34120 | Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS | Tapo C520WS v2.6 | CWE-122 | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34119 | Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS | Tapo C520WS v2.6 | CWE-122 | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34118 | Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS | Tapo C520WS v2.6 | CWE-122 | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-4346 | Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N | TL-WR850N v3 | CWE-312 | 6.8 (AI) | Medium (AI) | 2026-03-26 |
| CVE-2026-3622 | Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N | TL-WR841N v14 | CWE-125 | 7.5 (AI) | High (AI) | 2026-03-26 |
| CVE-2025-15606 | Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N | TD-W8961N v4.0 | CWE-20 | 7.5 | - | 2026-03-23 |
| CVE-2025-15605 | Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 | Archer NX600 v3.0 | CWE-321 | 7.1 | - | 2026-03-23 |
| CVE-2025-15519 | Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600 | Archer NX600 v3.0 | CWE-78 | 6.7 | - | 2026-03-23 |
| CVE-2025-15518 | Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600 | Archer NX600 v3.0 | CWE-78 | 6.7 | - | 2026-03-23 |
| CVE-2025-15517 | Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600 | Archer NX600 v3.0 | CWE-306 | 9.8 | - | 2026-03-23 |
| CVE-2025-15608 | Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53 | AX53 v1 | CWE-121 | 9.8 | - | 2026-03-20 |
| CVE-2025-15607 | Authenticated Command Injection in mcsd Service of TP-Link Archer AX53 | AX53 v1 | CWE-77 | 8.8 | - | 2026-03-20 |
| CVE-2026-3227 | Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N | TL-WR802N v4 | CWE-78 | 8.8 (AI) | High (AI) | 2026-03-13 |
| CVE-2026-1668 | Input Validation Vulnerability on Multiple Omada Switches | SG2008P 3.2x | CWE-20 | 9.8 | - | 2026-03-13 |
| CVE-2026-3841 | Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400 | TL-MR6400 v5.3 | CWE-78 | 7.2 (AI) | High (AI) | 2026-03-12 |
| CVE-2025-15568 | Command Injection Vulnerability on TP-Link Archer AXE75 | Archer AXE75 v1.6/v1.0 | CWE-78 | 8.0 (AI) | High (AI) | 2026-03-09 |
| CVE-2025-7375 | Unauthenticated Denial-of-Service Vulnerability in Omada EAP610 | EAP610 v3 | CWE-20 | 6.5 | - | 2026-03-05 |
| CVE-2026-0654 | Command injection on TP-Link Deco BE25 | Deco BE25 v1.0 | CWE-78 | 8.0 (AI) | High (AI) | 2026-03-02 |
| CVE-2026-0655 | Path Traversal on TP-Link Deco BE25 | Deco BE25 v1.0 | CWE-22 | 7.3 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-9293 | Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception | Tapo App | CWE-295 | 6.8 (AI) | Medium (AI) | 2026-02-13 |

This page lists every published CVE security advisory associated with TP-Link Systems Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.