CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53715 – TP-Link TL-WR841N Wan6to4TunnelCfgRpm.htm buffer overflow
https://notcve.org/view.php?id=CVE-2025-53715
29 Jul 2025 — A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. Se ha detectado una vulnerabilidad en TP-Link TL-WR841N V11. • https://www.tp-link.com/us/support/faq/4569 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53714 – TP-Link TL-WR841N WzdWlanSiteSurveyRpm_AP.htm buffer overflow
https://notcve.org/view.php?id=CVE-2025-53714
29 Jul 2025 — A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. Se ha detectado una vulnerabilidad en TP-Link TL-WR841N V11. • https://www.tp-link.com/us/support/faq/4569 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53713 – TP-Link TL-WR841N WlanNetworkRpm_APC.htm buffer overflow
https://notcve.org/view.php?id=CVE-2025-53713
29 Jul 2025 — A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_APC.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. Se ha detectado una vulnerabilidad en TP-Link TL-WR841N V11. • https://www.tp-link.com/us/support/faq/4569 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53712 – TP-Link TL-WR841N WlanNetworkRpm_AP.htm buffer overflow
https://notcve.org/view.php?id=CVE-2025-53712
29 Jul 2025 — A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. Se ha detectado una vulnerabilidad en TP-Link TL-WR841N V11. • https://www.tp-link.com/us/support/faq/4569 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53711 – TP-Link TL-WR841N WlanNetworkRpm.htm buffer overflow
https://notcve.org/view.php?id=CVE-2025-53711
29 Jul 2025 — A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer. Se ha detectado una vulnerabilidad en TP-Link TL-WR841N V11. • https://www.tp-link.com/us/support/faq/4569 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25427 – XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page
https://notcve.org/view.php?id=CVE-2025-25427
18 Apr 2025 — A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded. Una vulnerabilidad de cross-site scripting (XSS) almacenado en la página upnp.htm de la interfaz web de TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n permite a ataca... • https://github.com/slin99/2025-25427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50224 – TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-50224
19 Dec 2023 — TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from improper authentication. • https://www.tp-link.com/en/support/download/tl-wr841n/v12/#Firmware • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-36489
https://notcve.org/view.php?id=CVE-2023-36489
06 Sep 2023 — Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. Múltiples productos TP-LINK permiten que un atacante no autenticado adyacente a la red ejecute comandos arbitrarios del sistema operativo. Los productos/version... • https://jvn.jp/en/vu/JVNVU99392903 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-39745
https://notcve.org/view.php?id=CVE-2023-39745
21 Aug 2023 — TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/16/TP-Link%20WR940N%20WR941ND%20WR841N%20wireless%20router%20userRpmAccessCtrlAccessRulesRpm%20buffer%20read%20out-of-bounds%20vulnerability.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 11%CPEs: 6EXPL: 1CVE-2023-39747
https://notcve.org/view.php?id=CVE-2023-39747
21 Aug 2023 — TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. • https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/17/TP-Link%20WR841N%20wireless%20router%20WlanSecurityRpm%20Stack%20Overflow%20vulnerability.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •