CVE-2026-11410 OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N

The CVE-2026-11410 entry concerns TL-WR940N v6 (BigPond Cable BPA WAN config) with an authenticated OS command injection caused by improper input sanitization in the configuration module. An administrator can trigger arbitrary command execution with elevated privileges on the device via the BPA W...

CVE-2025-11676

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

CVE-2025-11676 UPnP DOS in TL-WR940N V6

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

CVE-2025-11676 UPnP DOS in TL-WR940N V6

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

CVE-2025-11676

CVE-2025-11676 affects TP-Link TL-WR940N V6 (UPnP modules). The issue is an improper input validation vulnerability that allows unauthenticated adjacent attackers to cause a denial-of-service, affecting TL-WR940N V6

PT-2025-47559

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 UPnP modules, which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 = Build 220801...

EUVD-2022-48977

Malicious code in bioql PyPI...

Exploit for Command Injection in Tp-Link Tl-Wr940N_Firmware

CVE-2023-33538 – TP-Link TL-WR940N/841N Command Injection Met...

CVE-2025-6151

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no long...

CVE-2025-6151

CVE-2025-6151 affects TP-Link TL-WR940N V4 and TL-WR841N V11. The root cause is a buffer overflow in the /userRpm/WanSlaacCfgRpm.htm functionality triggered by manipulating the dnsserver1 parameter. This can be exploited remotely over the network, and the affected devices are no longer supported ...

VulnCheck KEV: CVE-2023-33538

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...

PT-2025-25605 · Tp Link · Tp-Link Tl-Wr940N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR940N version V4 Description: A critical vulnerability has been found in the TP-Link TL-WR940N V4, affecting some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to...

CVE-2023-23040

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication...

CVE-2022-46139

TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service DoS via uploading a crafted firmware image during the firmware update process...

CVE-2019-6989

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevate...

CVE-2022-24355

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name...

TP-LINK TL-WR940N Buffer Overflow Vulnerability (CNVD-2025-02852)

The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. The TP-LINK TL-WR940N suffers from a buffer overflow vulnerability that originates from a boundary error in the dnsserver1 and dnsserver2 parameters in /userRpm/Wan6to4TunnelCfgRpm.htm when processing untrusted input. An attacker...

CVE-2024-54887

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root us...

CVE-2024-54887

TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root us...

TP-LINK TL-WR940N 安全漏洞

The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. The TP-LINK TL-WR940N suffers from a buffer overflow vulnerability that originates from a boundary error in the dnsserver1 and dnsserver2 parameters in /userRpm/Wan6to4TunnelCfgRpm.htm when processing untrusted input. An attacker...