527 CVEs

6 in CISA KEV

tp-link Vulnerabilities

CVE security advisories and vulnerability history for tp-link.

527

Total CVEs

Published

6

In CISA KEV

Exploited in the wild

119

Public exploits

With known exploit

7.5

Avg CVSS

2012–2026

Overview

tp-link has 527 published CVE records since 2012, of which 6 are in CISA's Known Exploited Vulnerabilities catalog and 119 have a known public exploit. The average CVSS base score across scored CVEs is 7.5.

This page aggregates every publicly disclosed vulnerability (CVE) affecting tp-link products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of tp-link's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical19

High185

Medium78

Low4

241 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

6

6 of tp-link's CVEs are confirmed exploited in the wild.

Public exploits

119

119 of tp-link's CVEs have a known public exploit available.

Most affected products

The tp-link products with the most published CVEs.

tl-wr841n40 CVEs
tl-wr886n39 CVEs
tl-wr886n firmware39 CVEs
tl-wr841n firmware38 CVEs
er5120g26 CVEs
er5510g firmware25 CVEs
er5520g25 CVEs
er5120g firmware25 CVEs

Common weakness types

The CWE weakness categories most often found in tp-link CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish tp-link CVE records.

Disclosure activity by year

How many tp-link CVEs were published each year.

2019

24

2020

39

2021

22

2022

58

2023

81

2024

77

2025

36

2026

80

Latest tp-link CVEs

The most recently disclosed vulnerabilities affecting tp-link.

TP-Link TL-WR720N V1_130719 CSRF via Administrative Interfaces
CWE-352
Medium · CVSS 5.3
EPSS 0.0%2026-05-17
Predictable Default Cryptographic Key Used for DES Encryption in TP-Link TL-WL841N
CWE-1394
Medium · CVSS 6.1
EPSS 0.0%2026-04-23
Use of weak cryptographic key in TP-Link Archer C7
CWE-326
Medium · CVSS 5.4
EPSS 0.0%2026-04-15
OS Command Injection Vulnerability in dnsmasq Module in TP-Link AX53
CWE-78
High · CVSS 8.5
EPSS 0.1%2026-04-08
Arbitrary File Reading Vulnerability in dnsmasq Module in TP-Link AX53
CWE-15
Medium · CVSS 6.8
EPSS 0.0%2026-04-08
Arbitrary File Reading Vulnerability in OpenVPN Module in TP-Link AX53
CWE-15
Medium · CVSS 6.8
EPSS 0.0%2026-04-08
OS Command Injection Vulnerability in OpenVPN Module in TP-Link AX53
CWE-78
High · CVSS 8.5
EPSS 0.1%2026-04-08
Buffer Overflow Vulnerability in TP-Link AX53
CWE-121
High · CVSS 7.3
EPSS 0.0%2026-04-08
Denial of Service via Path Expansion Overflow in HTTP Service in TP-Link Tapo C520WS
CWE-120
High · CVSS 7.1
EPSS 0.0%2026-04-02
Stack-based Buffer Overflow Leading to Denial of Service in TP-Link Tapo C520WS
CWE-121
High · CVSS 7.1
EPSS 0.0%2026-04-02
Authentication Bypass in DS Configuration Service via HTTP Request Parsing Differential of TP-Link Tapo C520WS
CWE-287
High · CVSS 8.7
EPSS 0.1%2026-04-02
Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS
CWE-122
High · CVSS 7.1
EPSS 0.0%2026-04-02

Track new tp-link CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor tp-link CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

itsourcecode548 CVEs typo3548 CVEs SAP_SE543 CVEs QNAP Systems Inc.532 CVEs linuxfoundation531 CVEs crates.io527 CVEs gnome505 CVEs Lenovo502 CVEs

Browse all vendors

Frequently asked questions

Common questions about tp-link vulnerabilities.

How many CVEs does tp-link have?

tp-link has 527 published CVE records since 2012, including 116 in the last two years.

How many tp-link CVEs are in CISA KEV?

Yes — 6 of tp-link's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which tp-link products have the most CVEs?

The tp-link products with the most published CVEs are tl-wr841n, tl-wr886n, tl-wr886n firmware, tl-wr841n firmware, er5120g.

What are the most common weakness types in tp-link CVEs?

tp-link's CVEs most often map to these CWE weakness types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write), CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')).

Are there public exploits for tp-link vulnerabilities?

Yes — 119 of tp-link's CVEs have a known public exploit.

How many critical tp-link vulnerabilities are there?

tp-link has 19 critical and 185 high-severity CVEs.

What is the average severity of tp-link CVEs?

The average CVSS base score across tp-link's scored CVEs is 7.5.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track tp-link vulnerabilities

Monitor new tp-link vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing