Tl-wr841n Firmware Security Vulnerabilities and Issues — Tl-wr841n Firmware CVE List

Lucene search

Tp-linkTl-wr841n Firmware

26 matches found

CVE•added 2023/06/07 4:15 a.m.•206 views

CVE-2023-33538

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

8.8CVSS8.9AI score0.915EPSS

CVE•added 2023/06/07 4:15 a.m.•171 views

CVE-2023-33536

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.

8.1CVSS8.3AI score0.00125EPSS

CVE•added 2023/06/07 4:15 a.m.•132 views

CVE-2023-33537

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.

8.1CVSS8.3AI score0.00125EPSS

CVE•added 2020/01/07 11:15 p.m.•125 views

CVE-2019-17147

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host ...

9.3CVSS8.9AI score0.21995EPSS

CVE•added 2021/01/26 6:15 p.m.•103 views

CVE-2020-35576

A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

9CVSS8.9AI score0.69832EPSS

CVE•added 2022/02/24 3:15 p.m.•72 views

CVE-2022-25073

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.

10CVSS10AI score0.03346EPSS

CVE•added 2022/02/09 11:15 p.m.•65 views

CVE-2022-0162

The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform...

9.8CVSS9.2AI score0.00157EPSS

CVE•added 2012/11/01 10:44 a.m.•63 views

CVE-2012-5687

Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.

7.8CVSS6.7AI score0.6748EPSS

CVE•added 2018/07/02 4:29 p.m.•59 views

CVE-2018-12575

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

9.8CVSS9.5AI score0.00764EPSS

CVE•added 2013/01/26 9:55 p.m.•56 views

CVE-2012-6276

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.

4.3CVSS6.9AI score0.0944EPSS

CVE•added 2024/05/03 3:16 a.m.•56 views

CVE-2023-50224

TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. Th...

6.5CVSS6.1AI score0.00083EPSS

CVE•added 2022/07/14 2:15 p.m.•51 views

CVE-2022-30024

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841...

8.8CVSS9AI score0.1393EPSS

CVE•added 2018/07/02 4:29 p.m.•46 views

CVE-2018-12574

CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

8.8CVSS8.6AI score0.00141EPSS

CVE•added 2018/07/02 4:29 p.m.•46 views

CVE-2018-12577

The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.

8.8CVSS8.7AI score0.03453EPSS

CVE•added 2022/12/20 8:15 p.m.•46 views

CVE-2022-46912

An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.

8.8CVSS8.8AI score0.00282EPSS

CVE•added 2014/09/30 2:55 p.m.•43 views

CVE-2012-6316

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.

4.3CVSS5.9AI score0.00252EPSS

CVE•added 2018/06/04 2:29 p.m.•42 views

CVE-2018-11714

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "...

10CVSS9.3AI score0.0594EPSS

CVE•added 2018/07/02 4:29 p.m.•42 views

CVE-2018-12576

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

4.3CVSS4.8AI score0.00278EPSS

CVE•added 2023/06/22 8:15 p.m.•41 views

CVE-2023-36357

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

7.7CVSS7.2AI score0.0009EPSS

CVE•added 2020/04/02 5:15 p.m.•40 views

CVE-2020-8423

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

9CVSS7.5AI score0.31269EPSS

CVE•added 2022/10/18 1:15 p.m.•40 views

CVE-2022-42202

TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).

6.1CVSS6.1AI score0.00113EPSS

CVE•added 2023/09/06 10:15 a.m.•40 views

CVE-2023-36489

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC fi...

8.8CVSS8.9AI score0.0014EPSS

CVE•added 2023/06/22 8:15 p.m.•38 views

CVE-2023-36358

TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

7.7CVSS7.6AI score0.00084EPSS

CVE•added 2023/06/22 8:15 p.m.•37 views

CVE-2023-36354

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

7.5CVSS7.6AI score0.00109EPSS

CVE•added 2023/06/22 8:15 p.m.•34 views

CVE-2023-36359

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

7.5CVSS7.6AI score0.00109EPSS

CVE•added 2023/06/22 8:15 p.m.•30 views

CVE-2023-36356

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

7.7CVSS7.4AI score0.00068EPSS