These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-12760 is a denial-of-service (DoS) vulnerability identified in Tapo C200 v3. The vulnerability is caused by improper handling of IPv4 fragmented packets in the network packet handling logic. An unauthenticated adjacent attacker can exploit this vulnerability by sending crafted packets, leading to excessive resource consumption and device instability. Successful exploitation can trigger a temporar [truncated]
CVE-2026-11834 is a high-severity command injection vulnerability in multiple TP-Link router models. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially resulting in unauthorized command execution during device initialization or provisioning workflows. This typically occurs when the device is in a factory-default or unconfigured state. Successful exploitati [truncated]
CVE-2026-11410 is an authenticated OS command injection vulnerability in the BigPond Cable (BPA) WAN configuration module of TL-WR940N v6. This vulnerability allows an attacker with administrative access to execute arbitrary system commands with elevated privileges due to improper sanitization of user input. The vulnerability has a CVSS score of 8.5 and is classified as HIGH severity. The CVE was publishe [truncated]
CVE-2026-11409 is an authenticated OS command injection vulnerability in the IPv6 PPPoE configuration handler of TL-WR940N v6. Attackers with administrative access can exploit this issue to execute arbitrary system commands with elevated privileges. The vulnerability has a CVSS score of 8.5 and is classified as HIGH severity. The CVE was published on 2026-06-17 and modified on 2026-06-18. The vendor is li [truncated]
CVE-2026-6250 is an authenticated format string vulnerability in the ONVIF service of Tapo C110 v2. This vulnerability allows a remote authenticated attacker to manipulate stack memory, including control flow data such as return addresses, by interpreting externally controlled data as a format string. Consequently, the attacker may redirect execution flow to existing internal functions, triggering an unau [truncated]
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration file. The issue stems from improper filtering of special characters. Successful exploitation of this vulnerabil [truncated]
A command injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes. Successful exploitation may result in a full compromise of confidentiality, integ [truncated]
CVE-2026-6242 is a MEDIUM-severity vulnerability with a CVSS score of 6.8. The vulnerability exists in the ONVIF Subscribe service of Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An authenticated attacker may inject crafted format strings into event subscription requests or notification generation paths to disrupt normal service execution, potentia [truncated]
CVE-2026-6241 is an authenticated format string vulnerability in the ONVIF AddScopes of Tapo C520WS v2. User-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory handling behavior. Successful exploitation may cause the ONVIF management service to crash, resulting in a DoS condi [truncated]
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers to overflow stack memory. Successful exploitation may result in a service crash or deadlock, leading to DoS aff [truncated]
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service. The device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive number of user entries to trigger memory corruption. Successful exploitation may cause the ONVIF management service to [truncated]
A logic flaw in the Tapo C520WS v2 device's API authorization mechanism allows restricted account users to execute unauthorized sensitive operations. The vulnerability, with a CVSS score of 7 and HIGH severity, enables attackers to bypass whitelist restrictions by crafting requests that leverage legitimate 'method mapping' behavior, potentially leading to device resets, unintended configuration changes, o [truncated]
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2. The vulnerability is caused by improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter a non-responsive state. Successful exploitation may cause the RTSP to be in a denial-of-service condition.
A stored cross-site scripting (XSS) vulnerability exists in the web management interface of TP-Link TL-SG108PE v5 switches. The vulnerability stems from improper sanitization of the SYSNAM configuration parameter during configuration file import operations. An attacker with administrative privileges can inject malicious JavaScript into device configuration files, which becomes stored and executes in an ad [truncated]
TP-Link Tapo smart home devices transmit Bluetooth pairing data in cleartext during initial setup, enabling proximity-based attackers to sniff or manipulate device initialization traffic. The vulnerability affects Tapo L535E (v1.0/v3.0) smart bulbs, Tapo P300 (v1.0) smart plugs, and Tapo D100C (v1.0) doorbell chimes. Bluetooth is only active during device initialization, limiting the attack window to the [truncated]
A high-severity authentication bypass vulnerability exists in the Archer C64 v1 router, where a debug SSH service fails to enforce rate-limiting on authentication attempts. The SSH service shares credentials with the web interface, enabling brute-force attacks against administrative accounts. An attacker with adjacent network access can exploit this weakness to obtain valid credentials through unlimited a [truncated]
An authenticated command injection vulnerability in TP-Link Archer BE450 v1 and BE7200 v1 routers allows administrators to execute arbitrary system commands through the web management interface. The vulnerability stems from insufficient input sanitization when crafted input is passed to backend system commands. Successful exploitation grants elevated privileges, enabling unauthorized service startup, syst [truncated]
An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation grants full administrative control of the affected device, with potential impacts to confidentiality, integrity, and availability. The vulnerability ca [truncated]
CVE-2026-5511 describes a limited information-disclosure issue in the web management interface of Archer AX72 (SG) v1. When invalid input is handled by the network diagnostic feature, an authenticated administrator can confirm that the diagnostic utility exists and view its command-line syntax and options. The published description states that the exposure is narrow and does not reveal sensitive system data.
CVE-2026-5039 is a high-severity vulnerability in TP-Link TL-WR841N v13, which uses DES-CBC encryption in the TDDPv2 debug protocol with a predictable cryptographic key derived from default web management credentials. If the device is left in its default configuration, a network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device [truncated]
CVE-2026-0834 is a high-severity logic vulnerability affecting TP-Link Archer C20, Archer AX53, and TL-WR841N v13 devices. The vulnerability allows unauthenticated adjacent attackers to execute administrative commands, including factory resets and reboots, without credentials. This can lead to configuration loss and device availability interruptions. The vulnerability is patched in various firmware versio [truncated]
CVE-2026-5363 is a medium-severity weakness in TP-Link Archer C7 firmware where the web interface uses client-side RSA-1024 encryption for administrator login. According to the supplied record, an adjacent attacker who can intercept network traffic could attempt brute-force or factorization attacks against the 1024-bit RSA key and recover the plaintext admin password, which could lead to unauthorized devi [truncated]
CVE-2026-0629 is a high-severity authentication bypass in the password recovery feature of TP-Link VIGI cameras’ local web interface. According to the CISA CSAF advisory, an attacker on the LAN can manipulate client-side state to reset the admin password without verification and then obtain full administrative access. TP-Link and CISA list firmware updates as the primary remediation, and the advisory was [truncated]
CVE-2026-22226 is a high-severity command injection vulnerability in TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an authenticated admin to gain full administrative control of the device, resulting in severe compromise of configuration integrity, network security, and service availability. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420 and Archer [truncated]