cbcvebase.

Tp-Link Tl-Wr802N Firmware vulnerabilities

5 known vulnerabilities affecting tp-link/tl-wr802n_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2021-4144P3HIGHCVSS 8.8fixed in 2112022021-12-23
CVE-2021-4144 [HIGH] CWE-78 CVE-2021-4144: TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS com TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.
nvd
CVE-2023-36489P3HIGHCVSS 8.8fixed in 2210082023-09-06
CVE-2023-36489 [HIGH] CWE-78 CVE-2023-36489: Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'.
nvd
CVE-2021-29302P3HIGHCVSS 8.1≤ 2020.062021-04-12
CVE-2021-29302 [HIGH] CWE-120 CVE-2021-29302: TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in the httpd process in the body message. The attack vector is: The attacker can get shell of the router by sending a message through the network, which may lead to remote code execution.
nvd
CVE-2026-3227P3MEDIUMCVSS 6.8fixed in 2603042026-03-16
CVE-2026-3227 [MEDIUM] CWE-78 CVE-2026-3227: A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR84 A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privile
nvd
CVE-2021-3275P4MEDIUMCVSS 6.1vv4_us_0.9.1_3.17_up_boot\[200421-rel38950\]2021-03-26
CVE-2021-3275 [MEDIUM] CWE-79 CVE-2021-3275: Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp
nvd
Tp-Link Tl-Wr802N Firmware vulnerabilities | cvebase