TP-Link Product Security Advisory
Protecting our customers from threats to their security is always an important task for TP-Link. As a key player in global Networking and Smart Home markets, we will do our utmost to provide our users with secure stable products and services, and to strictly protect the privacy and security of their data.
We welcome and encourage all reports related to product security or user privacy. We will follow established processes to address them and provide timely feedback.
Report Vulnerabilities to TP-Link
We strongly encourage organizations and individuals to contact TP-Link’s security team to report any potential security issue.
Contact way | |
Email address | security@vigi.com |
Template | Potential vulnerability report template |
Hours | TP-Link will endeavor to respond to the report within five working days. |
PGP Public Key | Click to download |
TP-Link will need to obtain detailed information about the reported vulnerability to more accurately and quickly begin the verification process. We strongly recommend submitting a vulnerability report according to the template we provide above.
TP-Link supports encrypted messages using Pretty Good Privacy (PGP)/GNU Privacy Guard (GPG) encryption software.
Responsible Reporting Guidelines
1. All parties to a vulnerability disclosure should comply with the laws of their country or region.
2. Vulnerability reports should be based on the latest released firmware, and preferably written in English.
3. Report vulnerabilities through the dedicated communication channel. TP-Link may receive reports from other channels but does not guarantee that the report will be acknowledged.
4. Adhere to data protection principles at all times and do not violate the privacy and data security of TP-Link's users, employees, agents, services or systems during the vulnerability discovery process.
5. Maintain communication and cooperation during the disclosure process and avoid disclosing information about the vulnerability prior to the negotiated disclosure date.
6. TP-Link is not currently operating a vulnerability bounty program.
How TP-Link Deals with Vulnerabilities
-
Awareness & Receipt
-
Verification
-
Remediation
-
Notification
TP-Link encourages customers, vendors, independent researchers, security organizations, etc. to proactively report any potential vulnerabilities to the security team. At the same time, TP-Link will proactively obtain information about vulnerabilities in TP-Link products from the community, vulnerability repositories and various security websites. In order to be aware of vulnerabilities as soon as they are discovered.
TP-Link will respond to vulnerability reports as soon as possible, usually within five business days.
TP-Link Security will work with the product team to perform a preliminary analysis and validation of the report to determine the validity, severity and impact of the vulnerability. We may contact you if we need more information about the reported vulnerability.
Once the vulnerability has been identified, we will develop and implement a remediation plan to provide a solution for all affected customers.
Remediation typically takes up to 90 days and in some cases may take longer.
You can keep up to date with our progress and the completion of any remediation activities.
TP-Link will issue a security advisory when one or more of the following conditions are met:
1. The severity of the vulnerability is rated CRITICAL by the TP-Link security team and TP-Link has completed the vulnerability response process and sufficient mitigation solutions are available to assist customers in eliminating all security risks.
2. If the vulnerability has been actively exploited and is likely to increase the security risk to TP-Link customers, or if the vulnerability is likely to increase public concern about the security of TP-Link products, TP-Link will expedite the release of a security bulletin about the vulnerability, which may or may not include a full firmware patch or emergency fix.
Click to submit a security-related inquiry regarding one of our products to TP-Link Technical Support.
Bulletin
[4308] Soporte de software y firmware para productos al final de su vida útil (EOS)
[4061] Declaración sobre las vulnerabilidades observadas en el informe del sistema Omada
[4008] Declaración sobre la ejecución de comandos LAN en Archer C5400X (CVE-2024-5035)
[3722] Declaración sobre las vulnerabilidades de Tapo L530 y Tapo App
[3348] Declaración sobre la vulnerabilidad RCE de Spring Framework
[3279] Aviso de seguridad para vulnerabilidades de KCodes NetUSB
[3255] Declaración sobre la vulnerabilidad de Apache Log4j
[3252] Declaración de la vulnerabilidad de Archer AX6000 informada por el inspector de IoT
[3056] Declaración de vulnerabilidades de Fragmento y Forja (FragAttacks)
[2803] Desbordamiento de búfer en la vulnerabilidad pppd
[2492] Vulnerabilidad de ejecución remota de código en RE365
[2393] Kasa Smart - Preguntas generales sobre seguridad y privacidad
[2279] GhostDNS Malware Security
[2278] GhostDNS Malware Security
[2277] Vulnerabilidad de Explotación Remota
[2276] Vulnerabilidad de Explotación Remota
[2217] Aviso sobre sitios web fraudulentos y no afiliados a TP-Link
[2213] Seguridad contra malware VPNFilter
[2212] Información sobre malware de VPNFilter
[2166] Corrección de vulnerabilidades de TL-WR740N y TL-WR940N