Unrated severityNVD Advisory· Published Jun 4, 2018· Updated Sep 16, 2024

CVE-2018-11714

Description

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44781/mitreexploitx_refsource_EXPLOIT-DB
blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router/mitrex_refsource_MISC

News mentions

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Trend Micro Research · Oct 9, 2025

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000