TP-Link Systems INC. — Vulnerabilities & Security Advisories (107)

Browse all 107 CVE security advisories affecting TP-Link Systems INC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

TP-Link Systems Inc. operates as a leading manufacturer of consumer networking hardware, primarily producing wireless routers, switches, and smart home devices for residential and small business environments. The company’s firmware and web management interfaces have historically been susceptible to critical vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These weaknesses often stem from insufficient input validation and hardcoded credentials within embedded web servers, allowing attackers to gain unauthorized administrative access or execute arbitrary commands on affected devices. Notable incidents include the discovery of backdoors in specific router models and widespread exploitation of unpatched RCE vulnerabilities that facilitated botnet recruitment. With over 100 CVEs on record, the firm faces ongoing scrutiny regarding its patch management lifecycle and the security of its IoT ecosystem, necessitating rigorous updates to mitigate persistent risks associated with its extensive global user base.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-6542 | OS command injection in multiple parameters — Omada gateways | CWE-78 | 9.8 (AI) | Critical (AI) | 2025-10-21 |
| CVE-2025-6541 | OS command injection using information obtained from the web management interface — Omada gateways | CWE-78 | 7.2 (AI) | High (AI) | 2025-10-21 |
| CVE-2025-10991 | Root Access via UART — Tapo D230S1 V1.20 | | 6.8 (AI) | Medium (AI) | 2025-09-30 |
| CVE-2025-9961 | Authenticated RCE by CWMP binary — AX10 V1/V1.2/V2/V2.6/V3/V3.6 | CWE-120 | 7.5 (AI) | High (AI) | 2025-09-06 |
| CVE-2025-9377 | Authenticated RCE via Parental Control command injection — Archer C7(EU) V2 | CWE-78 | 8.8 | - | 2025-08-29 |
| CVE-2025-8627 | Unauthenticated Protocol Commands on TP-Link KP303 — TP-Link KP303 (US) Smartplug | | 8.1 (AI) | High (AI) | 2025-08-25 |
| CVE-2025-53715 | TP-Link TL-WR841N Wan6to4TunnelCfgRpm.htm buffer overflow — TL-WR841N V11 | CWE-119 | 7.5 (AI) | High (AI) | 2025-07-29 |
| CVE-2025-53714 | TP-Link TL-WR841N WzdWlanSiteSurveyRpm_AP.htm buffer overflow — TL-WR841N V11 | CWE-119 | 7.5 (AI) | High (AI) | 2025-07-29 |
| CVE-2025-53713 | TP-Link TL-WR841N WlanNetworkRpm_APC.htm buffer overflow — TL-WR841N V11 | CWE-120 | 7.5 (AI) | High (AI) | 2025-07-29 |
| CVE-2025-53712 | TP-Link TL-WR841N WlanNetworkRpm_AP.htm buffer overflow — TL-WR841N V11 | CWE-120 | 7.5 (AI) | High (AI) | 2025-07-29 |
| CVE-2025-53711 | TP-Link TL-WR841N, TL-WR842ND and TL-WR949N WlanNetworkRpm.htm buffer overflow — TL-WR841N v11 | CWE-120 | 7.5 (AI) | High (AI) | 2025-07-29 |
| CVE-2025-7724 | Unauthenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 — VIGI NVR1104H-4P V1 | CWE-78 | 9.8 | - | 2025-07-22 |
| CVE-2025-7723 | Authenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 — VIGI NVR1104H-4P V1 | CWE-78 | 8.8 | - | 2025-07-22 |
| CVE-2025-6982 | Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 and C20 V5 — Archer C50 V3 | CWE-798 | 7.5 (AI) | High (AI) | 2025-07-16 |
| CVE-2025-6151 | TP-Link TL-WR940N, TL-WR841N WanSlaacCfgRpm.htm buffer overflow — TL-WR940N V4 | CWE-120 | 9.8 (AI) | Critical (AI) | 2025-06-17 |
| CVE-2025-4975 | Tapo privilege escalation on shared devices using notifications — TP-Link Tapo app | CWE-863 | 8.8 (AI) | High (AI) | 2025-05-22 |
| CVE-2025-25427 | XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page — TL-WR841N v14/v14.6/v14.8 | CWE-79 | 6.1 | - | 2025-04-18 |

This page lists every published CVE security advisory associated with TP-Link Systems INC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.