CVE Tracker

Track known exploited vulnerabilities, CISA KEV alerts, and linked threat intelligence.

2,234

Total CVEs

1,589

CISA KEV

41

Known Exploits

8.8

Avg CVSS Score

Severity Distribution

CRITICAL 8

HIGH 1599

MEDIUM 7

INFO 620

Top Vendors

Newest CVSS EPSS

Filter:All CISA KEV

CRITICAL8 HIGH1599 MEDIUM7 LOW0

Showing 12 of 12 CVEs matching "TP-Link"

Page 1 of 1

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2026-15519(1)	Info	—	—	Referenced in article: TP-Link Patches High-Severity Router Vulnerabilities	Mar 28, 2026	—
CVE-2026-15518(1)	Info	—	—	Referenced in article: TP-Link Patches High-Severity Router Vulnerabilities	Mar 28, 2026	—
CVE-2025-15519(2)	Info	0.0%	—	Referenced in article: TP-Link warns users to patch critical router auth bypass flaw	Mar 28, 2026	—
CVE-2025-15518(2)	Info	0.0%	—	Referenced in article: TP-Link warns users to patch critical router auth bypass flaw	Mar 28, 2026	—
CVE-2025-15605(2)	Info	0.0%	—	Referenced in article: TP-Link warns users to patch critical router auth bypass flaw	Mar 28, 2026	—
CVE-2025-15517(2)	Info	0.0%	—	Referenced in article: TP-Link warns users to patch critical router auth bypass flaw	Mar 28, 2026	—
CVE-2023-50224(1)	High	1.5%	TP-LinkTL-WR841N	TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Sep 3, 2025	KEV
CVE-2025-9377(1)	High	15.6%	TP-LinkMultiple Routers	TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Sep 3, 2025	KEV
CVE-2020-24363	High	11.1%	TP-LinkTL-WA855RE	TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Sep 2, 2025	KEV
CVE-2023-33538	High	91.3%	TP-LinkMultiple Routers	TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.	Jun 16, 2025	KEV
CVE-2023-1389	High	93.5%	TP-LinkArcher AX21	TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.	May 1, 2023	KEV
CVE-2015-3035(1)	High	92.9%	TP-LinkMultiple Archer Devices	Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.	Mar 25, 2022	KEV

Referenced in article: TP-Link Patches High-Severity Router Vulnerabilities

Referenced in article: TP-Link Patches High-Severity Router Vulnerabilities

Referenced in article: TP-Link warns users to patch critical router auth bypass flaw

Referenced in article: TP-Link warns users to patch critical router auth bypass flaw

Referenced in article: TP-Link warns users to patch critical router auth bypass flaw

Referenced in article: TP-Link warns users to patch critical router auth bypass flaw

CVE-2023-50224KEV

TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

TP-LinkEPSS 1.5%

CVE-2025-9377KEV

TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

TP-LinkEPSS 15.6%

CVE-2020-24363KEV

TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

TP-LinkEPSS 11.1%

CVE-2023-33538KEV

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

TP-LinkEPSS 91.3%

CVE-2023-1389KEV

TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution.

TP-LinkEPSS 93.5%

CVE-2015-3035KEV

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

TP-LinkEPSS 92.9%