COOEY // HUBcompliance · community · intelligence

FAIL › dossier

tp-link vendor

· dossier confidence 20%

TP-Link is a major wireless networking vendor with a significant security track record of critical RCE vulnerabilities in consumer routers that have been actively exploited by threat actors.

7
failure events
0
zero-days
5
RCEs
0
on KEV
7
critical
50
worst shame

Profile

Category
vendor
What they do
TP-Link is a global leader in wireless networking and smart home solutions, providing routers, mesh systems, and smart home devices.
Website
https://www.tp-link.com

Security posture

TP-Link has a history of critical remote code execution (RCE) vulnerabilities in consumer routers, including command injection and buffer overflow flaws in firmware components.

Notable failures
  • CVE-2021-42232: Command injection in tddp binary
  • CVE-2022-25061: Command injection via oal_setIp6DefaultRoute
  • CVE-2022-25060: Command injection via oal_startPing
  • CVE-2022-25064: RCE via oal_wan6_setIpAddr
  • CVE-2021-41653: RCE via crafted IP address payload
  • CVE-2023-34832: Buffer overflow in Archer AX10 firmware
Patterns
Repeated unpatched edge-device RCEs; Command injection in router firmware; Active exploitation by threat actors

Failure history 7 events

DateEventSevFlagsShameSummary
2022-08-23 CVE-2021-42232 critical ⚡RCE 50 TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the
2022-02-25 CVE-2022-25061 critical ⚡RCE 50 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
2022-02-25 CVE-2022-25060 critical ⚡RCE 50 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
2022-02-25 CVE-2022-25064 critical ⚡RCE 50 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
2021-11-13 CVE-2021-41653 critical ⚡RCE 50 The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
2023-06-16 CVE-2023-34832 critical 35 TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.
2026-03-20 CVE-2025-15608 critical CVE-2025-15608: This vulnerability in AX53 v1, AX55 v4 and AX55 v4.6 results from insufficient i

Dossier sources

Open questions: TP-Link's patch management process for enterprise-grade firmware · TP-Link's compliance with CMMC requirements for defense contractors