tp-link security advisories
7 threat alerts tracking vulnerabilities and security advisories that affect tp-link products.
Vulnios monitors tp-link CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent tp-link security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2017-11519 — tp-link — archer_c9_\(2.0\)_firmware, archer_c9_\(2.0\)
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
criticalCVE-2017-11519Critical Vulnerability: CVE-2017-9466 — tp-link — wr841n_v8_firmware, wr841n_v8
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which all
criticalCVE-2017-9466Critical Vulnerability: CVE-2017-8220 — tp-link — c2_firmware, c2
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP PO
criticalCVE-2017-8220Critical Vulnerability: CVE-2017-8218 — tp-link — c2_firmware, c2
vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password,
criticalCVE-2017-8218Critical Vulnerability: CVE-2017-8075 — tp-link — tl-sg108e_firmware, tl-sg108e
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
criticalCVE-2017-8075Critical Vulnerability: CVE-2017-8076 — tp-link — tl-sg108e_firmware, tl-sg108e
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
criticalCVE-2017-8076Critical Vulnerability: CVE-2017-8074 — tp-link — tl-sg108e_firmware, tl-sg108e
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmwa
criticalCVE-2017-8074
Track tp-link exposure across your environment
Vulnios automatically cross-references your asset inventory against new tp-link CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan