Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

TP-Link Systems INC. — Vulnerabilities & Security Advisories 107

Browse all 107 CVE security advisories affecting TP-Link Systems INC.. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TP-Link Systems Inc. operates as a leading manufacturer of consumer networking hardware, primarily producing wireless routers, switches, and smart home devices for residential and small business environments. The company’s firmware and web management interfaces have historically been susceptible to critical vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These weaknesses often stem from insufficient input validation and hardcoded credentials within embedded web servers, allowing attackers to gain unauthorized administrative access or execute arbitrary commands on affected devices. Notable incidents include the discovery of backdoors in specific router models and widespread exploitation of unpatched RCE vulnerabilities that facilitated botnet recruitment. With over 100 CVEs on record, the firm faces ongoing scrutiny regarding its patch management lifecycle and the security of its IoT ecosystem, necessitating rigorous updates to mitigate persistent risks associated with its extensive global user base.

Top products by TP-Link Systems INC.: Archer BE230 v1.2 Archer AX53 v1.0 Tapo C520WS v2.6 VX800v v1.0 TL-WR841N V11 AX53 v1.0 Omada gateways Archer NX600 v3.0 Tapo C260 v1 Tapo C220 v1 Omada Controller Tapo C200 V3 TP-Link Tapo app Deco BE25 v1.0 Omada Software Controller TL-WR841N v14 AX53 v1 WA850RE VIGI NVR1104H-4P V1 SG2008P 3.2x TL-WR802N v4 TL-MR6400 v5.3 Archer AXE75 v1.6/v1.0 EAP610 v3 TD-W8961N v4.0 TL-WR850N v3 Omada Cloud Controller Archer C7 v5 and v5.8 Tapo App TL-WR841N v14/v14.6/v14.8
CVE IDTitleCVSSSeverityPublished
CVE-2025-9292 Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers — Omada Cloud ControllerCWE-942 7.5AIHighAI2026-02-13
CVE-2026-1571 Reflected XSS Vulnerability on TP-Link Archer C60 — Archer C60 v3CWE-79 6.1AIMediumAI2026-02-11
CVE-2026-0651 Path Traversal on TP-Link Tapo D235 and C260 via Local https — Tapo C260 v1CWE-22 6.1AIMediumAI2026-02-10
CVE-2026-0652 Remote Code Execution on TP-Link Tapo C260 by Guest User — Tapo C260 v1CWE-78 8.8AIHighAI2026-02-10
CVE-2026-0653 Insecure Access Control on TP-Link Tapo D235 and C260 — Tapo C260 v1CWE-284 8.1AIHighAI2026-02-10
CVE-2025-15557 Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack — Tapo H100 v1CWE-295 7.5AIHighAI2026-02-05
CVE-2025-15551 LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N — Archer MR200 v5.2CWE-95 8.1AIHighAI2026-02-05
CVE-2025-62673 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.8AIHighAI2026-02-03
CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-322 8.1AIHighAI2026-02-03
CVE-2025-62405 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2025-62404 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2025-61983 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2025-61944 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2025-59487 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2025-59482 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2025-58455 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2025-58077 Heap-based Buffer Overflow Vulnerability in TP-Link Archer AX53 — Archer AX53 v1.0CWE-122 8.0AIHighAI2026-02-03
CVE-2026-0620 L2TP over IPSec Encryption Failure on ArcherAXE75 — AXE75CWE-693 7.5AIHighAI2026-02-03
CVE-2026-22228 Improper Input Validation Leading to DoS on TP-Link Archer BE230 — Archer BE230 v1.2CWE-400 4.4AIMediumAI2026-02-03
CVE-2026-22220 Improper Input Validation Leading to DoS on TP-Link Archer BE230 — Archer BE230 v1.2CWE-20 4.5AIMediumAI2026-02-03
CVE-2026-22229 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and Deco BE25 v1.0 — Archer BE230 v1.2CWE-78 7.7AIHighAI2026-02-02
CVE-2026-22227 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 — Archer BE230 v1.2CWE-78 8.4AIHighAI2026-02-02
CVE-2026-22226 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 — Archer BE230 v1.2CWE-78 8.4AIHighAI2026-02-02
CVE-2026-22225 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0 — Archer BE230 v1.2CWE-78 8.4AIHighAI2026-02-02
CVE-2026-22224 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 — Archer BE230 v1.2CWE-78 8.4AIHighAI2026-02-02
CVE-2026-22222 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 — Archer BE230 v1.2CWE-78 9.0AICriticalAI2026-02-02
CVE-2026-0631 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 — Archer BE230 v1.2CWE-78 9.0AICriticalAI2026-02-02
CVE-2026-0630 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0 — Archer BE230 v1.2CWE-78 8.0AIHighAI2026-02-02
CVE-2026-22221 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 — Archer BE230 v1.2CWE-78 9.0AICriticalAI2026-02-02
CVE-2026-1457 Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385 — VIGI C485 V1CWE-121 8.8AIHighAI2026-01-29

This page lists every published CVE security advisory associated with TP-Link Systems INC.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.