TP-Link Systems INC. — Vulnerabilities & Security Advisories (107)

Browse all 107 CVE security advisories affecting TP-Link Systems INC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TP-Link Systems Inc. operates as a leading manufacturer of consumer networking hardware, primarily producing wireless routers, switches, and smart home devices for residential and small business environments. The company’s firmware and web management interfaces have historically been susceptible to critical vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These weaknesses often stem from insufficient input validation and hardcoded credentials within embedded web servers, allowing attackers to gain unauthorized administrative access or execute arbitrary commands on affected devices. Notable incidents include the discovery of backdoors in specific router models and widespread exploitation of unpatched RCE vulnerabilities that facilitated botnet recruitment. With over 100 CVEs on record, the firm faces ongoing scrutiny regarding its patch management lifecycle and the security of its IoT ecosystem, necessitating rigorous updates to mitigate persistent risks associated with its extensive global user base.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15548 | Missing Application-Layer Encryption in Web Interface Endpoints on TP-Link VX800v — VX800v v1.0 CWE-311 | 6.5 (AI) | Medium (AI) | 2026-01-29 |
| CVE-2025-15543 | Read-Only Root Access via USB Storage Device in TP-Link VX800v — VX800v v1.0 CWE-59 | 4.6 (AI) | Medium (AI) | 2026-01-29 |
| CVE-2025-15542 | Denial of Service (DoS) of VoIP Communication on TP-Link VX800v — VX800v v1.0 CWE-754 | 7.5 (AI) | High (AI) | 2026-01-29 |
| CVE-2025-15541 | Access to System Files via SFTP on TP-Link VX800v — VX800v v1.0 CWE-59 | 5.7 (AI) | Medium (AI) | 2026-01-29 |
| CVE-2025-13399 | Insecure Encryption in Communication with the Web Interface on TP-Link VX800v — VX800v v1.0 CWE-331 | 6.8 (AI) | Medium (AI) | 2026-01-29 |
| CVE-2025-15545 | Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X — Archer RE605X CWE-20 | 7.8 (AI) | High (AI) | 2026-01-29 |
| CVE-2026-1315 | Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS — Tapo C220 v1 CWE-20 | 6.5 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2026-0919 | Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C210, C220 & C520WS — Tapo C220 v1 CWE-20 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-0918 | Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS — Tapo C220 v1 CWE-476 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2025-9522 | Blind Server-Side Request Forgery (SSRF) in Omada Controller — Omada Controller CWE-918 | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-9521 | Password Confirmation Bypass in Omada Controller — Omada Controller CWE-522 | 7.5 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-9520 | IDOR Leading to Owner Account Hijacking in Omada Controller — Omada Controller CWE-639 | 6.5 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2025-14756 | Authenticated Command Injection Vulnerability in Archer MR600 — Archer MR600 v5.0 CWE-77 | 8.8 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-9290 | Authentication Weakness on Omada Controllers, Gateways and Access Points — Omada Software Controller CWE-760 | 5.9 | - | 2026-01-22 |
| CVE-2025-9289 | Cross-Site Scripting (XSS) on Omada Controllers — Omada Software Controller CWE-79 | 4.7 (AI) | Medium (AI) | 2026-01-22 |
| CVE-2026-0834 | Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13 — Archer C20 v6.0, Archer AX53 v1.0 CWE-290 | 8.8 (AI) | High (AI) | 2026-01-21 |
| CVE-2026-0629 | Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras — VIGI InSight Sx45 Series (S245/S345/S445) CWE-287 | 8.8 | - | 2026-01-16 |
| CVE-2025-9014 | Null Pointer Dereference Vulnerability on TL-WR841N — TL-WR841N v14 CWE-20 | 7.5 (AI) | High (AI) | 2026-01-15 |
| CVE-2025-15035 | Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75 — Archer AXE75 v1.6 CWE-20 | 7.3 | - | 2026-01-09 |
| CVE-2025-14631 | Null Pointer Dereference Vulnerability in Malformed 802.11 Frame of TP-Link Archer BE400 — Archer BE400 CWE-476 | 6.5 | - | 2026-01-07 |
| CVE-2025-14175 | Weak Algorithm Support in SSH Server on TL-WR820N — TL-WR820N v2.8 CWE-327 | 6.5 | - | 2025-12-29 |
| CVE-2025-14300 | Unauthenticated Access to connectAP API Endpoint on Tapo C100 and C200 — Tapo C200 V3 CWE-306 | 7.1 (AI) | High (AI) | 2025-12-20 |
| CVE-2025-14299 | Improper Content-Length Validation in HTTPS Requests on Tapo C200 — Tapo C200 V3 CWE-770 | 5.7 (AI) | Medium (AI) | 2025-12-20 |
| CVE-2025-8065 | Remote Code Execution via Stack-based Buffer Overflow in ONVIF SOAP Parser in TP-Link Tapo C200 and C520WS — Tapo C200 V3 CWE-121 | 6.5 (AI) | Medium (AI) | 2025-12-20 |
| CVE-2025-14739 | Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND — WR940N and WR941ND CWE-824 | 8.4 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-14738 | Configuration Disclosure Vulnerability in TP-Link WA850RE — WA850RE CWE-287 | 7.5 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-14737 | Command Injection Vulnerability in TP-Link WA850RE — WA850RE CWE-78 | 8.0 (AI) | High (AI) | 2025-12-18 |
| CVE-2025-14553 | Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network — TP-Link Tapo App CWE-200 | 7.3 (AI) | High (AI) | 2025-12-16 |
| CVE-2025-7851 | Unauthorized root access via debug functionality — Omada gateways | 8.4 (AI) | High (AI) | 2025-10-21 |
| CVE-2025-7850 | Authenticated OS command execution — Omada gateways CWE-78 | 7.2 (AI) | High (AI) | 2025-10-21 |

This page lists every published CVE security advisory associated with TP-Link Systems INC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.