TP-Link Systems Inc. — Vulnerabilities & Security Advisories 107

Browse all 107 CVE security advisories affecting TP-Link Systems Inc.. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-15548	Missing Application-Layer Encryption in Web Interface Endpoints on TP-Link VX800v — VX800v v1.0CWE-311	6.5^AI	Medium^AI	2026-01-29
CVE-2025-15543	Read-Only Root Access via USB Storage Device in TP-Link VX800v — VX800v v1.0CWE-59	4.6^AI	Medium^AI	2026-01-29
CVE-2025-15542	Denial of Service (DoS) of VoIP Communication on TP-Link VX800v — VX800v v1.0CWE-754	7.5^AI	High^AI	2026-01-29
CVE-2025-15541	Access to System Files via SFTP on TP-Link VX800v — VX800v v1.0CWE-59	5.7^AI	Medium^AI	2026-01-29
CVE-2025-13399	Insecure Encryption in Communication with the Web Interface on TP-Link VX800v — VX800v v1.0CWE-331	6.8^AI	Medium^AI	2026-01-29
CVE-2025-15545	Insufficient Backup File Upload Input Validation on TP-Link Archer RE605X — Archer RE605XCWE-20	7.8^AI	High^AI	2026-01-29
CVE-2026-1315	Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS — Tapo C220 v1CWE-20	6.5^AI	Medium^AI	2026-01-27
CVE-2026-0919	Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C220 & C520WS — Tapo C220 v1CWE-20	7.5^AI	High^AI	2026-01-27
CVE-2026-0918	Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS — Tapo C220 v1CWE-476	7.5^AI	High^AI	2026-01-27
CVE-2025-9522	Blind Server-Side Request Forgery (SSRF) in Omada Controller — Omada ControllerCWE-918	7.5^AI	High^AI	2026-01-26
CVE-2025-9521	Password Confirmation Bypass in Omada Controller — Omada ControllerCWE-522	7.5^AI	High^AI	2026-01-26
CVE-2025-9520	IDOR Leading to Owner Account Hijacking in Omada Controller — Omada ControllerCWE-639	6.5^AI	Medium^AI	2026-01-26
CVE-2025-14756	Authenticated Command Injection Vulnerability in Archer MR600 — Archer MR600 v5.0CWE-77	8.8^AI	High^AI	2026-01-26
CVE-2025-9290	Authentication Weakness on Omada Controllers, Gateways and Access Points — Omada Software ControllerCWE-760	5.9	-	2026-01-22
CVE-2025-9289	Cross-Site Scripting (XSS) on Omada Controllers — Omada Software ControllerCWE-79	4.7^AI	Medium^AI	2026-01-22
CVE-2026-0834	Logic Vulnerability on TP-Link Archer C20, Archer AX53 and TL-WR841N v13 — Archer C20 v6.0, Archer AX53 v1.0CWE-290	8.8^AI	High^AI	2026-01-21
CVE-2026-0629	Authentication Bypass in Password Recovery Feature via Local Web App on Multiple VIGI Cameras — VIGI InSight Sx45 Series (S245/S345/S445)CWE-287	8.8	-	2026-01-16
CVE-2025-9014	Null Pointer Dereference Vulnerability on TL-WR841N — TL-WR841N v14CWE-20	7.5^AI	High^AI	2026-01-15
CVE-2025-15035	Arbitrary File Deletion Vulnerability in TP-Link Archer AXE75 — Archer AXE75 v1.6CWE-20	7.3	-	2026-01-09
CVE-2025-14631	Null Pointer Dereference Vulnerability in Malformed 802.11 Frame of TP-Link Archer BE400 — Archer BE400CWE-476	6.5	-	2026-01-07
CVE-2025-14175	Weak Algorithm Support in SSH Server on TL-WR820N — TL-WR820N v2.8CWE-327	6.5	-	2025-12-29
CVE-2025-14300	Unauthenticated Access to connectAP API Endpoint on Tapo C100 and C200 — Tapo C200 V3CWE-306	7.1^AI	High^AI	2025-12-20
CVE-2025-14299	Improper Content-Length Validation in HTTPS Requests on Tapo C200 — Tapo C200 V3CWE-770	5.7^AI	Medium^AI	2025-12-20
CVE-2025-8065	Remote Code Execution via Stack-based Buffer Overflow in ONVIF SOAP Parser in TP-Link Tapo C200 and C520WS — Tapo C200 V3CWE-121	6.5^AI	Medium^AI	2025-12-20
CVE-2025-14739	Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND — WR940N and WR941NDCWE-824	8.4^AI	High^AI	2025-12-18
CVE-2025-14738	Configuration Disclosure Vulnerability in TP-Link WA850RE — WA850RECWE-287	7.5^AI	High^AI	2025-12-18
CVE-2025-14737	Command Injection Vulnerability in TP-Link WA850RE — WA850RECWE-78	8.0^AI	High^AI	2025-12-18
CVE-2025-14553	Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network — TP-Link Tapo AppCWE-200	7.3^AI	High^AI	2025-12-16
CVE-2025-7851	Unauthorized root access via debug functionality — Omada gateways	8.4^AI	High^AI	2025-10-21
CVE-2025-7850	Authenticated OS command execution — Omada gatewaysCWE-78	7.2^AI	High^AI	2025-10-21

This page lists every published CVE security advisory associated with TP-Link Systems Inc.. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

TP-Link Systems Inc. — Vulnerabilities & Security Advisories 107