VYPR

Tl Wr841n

by TP-Link

CVEs (50)

  • CVE-2015-3035HigKEVApr 22, 2015
    risk 0.70cvss 7.5epss 0.84

    Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302,…

  • CVE-2018-11714CriJun 4, 2018
    risk 0.67cvss 9.8epss 0.37

    An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker…

  • CVE-2018-12575CriJul 2, 2018
    risk 0.64cvss 9.8epss 0.03

    On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.

  • CVE-2026-5039HigApr 23, 2026
    risk 0.57cvss 8.8epss 0.00

    TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to…

  • CVE-2026-0834HigJan 21, 2026
    risk 0.57cvss 8.8epss 0.00

    Logic vulnerability in TP-Link Archer C20 v5, 6.0, Archer AX53 v1.0 and TL-WR841N v13 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can…

  • CVE-2018-15702HigOct 1, 2018
    risk 0.57cvss 8.8epss 0.00

    The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field.

  • CVE-2018-12577HigJul 2, 2018
    risk 0.57cvss 8.8epss 0.03

    The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.

  • CVE-2018-12574HigJul 2, 2018
    risk 0.57cvss 8.8epss 0.00

    CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.

  • CVE-2026-3622HigMar 26, 2026
    risk 0.49cvss 7.5epss 0.00

    The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service…

  • CVE-2026-3227MedMar 16, 2026
    risk 0.44cvss 6.8epss 0.01

    A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted…

  • CVE-2018-15701MedOct 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Cookie field.

  • CVE-2018-15700MedOct 1, 2018
    risk 0.42cvss 6.5epss 0.01

    The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to a denial of service when an unauthenticated LAN user sends a crafted HTTP header containing an unexpected Referer field.

  • CVE-2018-12576MedJul 2, 2018
    risk 0.28cvss 4.3epss 0.01

    TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

  • CVE-2023-33538KEVJun 7, 2023
    risk 0.19cvss epss 0.42

    TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

  • CVE-2023-50224KEVMay 3, 2024
    risk 0.12cvss epss 0.17

    TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit…

  • CVE-2020-35576Jan 25, 2021
    risk 0.09cvss epss 0.42

    A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577.

  • CVE-2012-5687Nov 1, 2012
    risk 0.08cvss epss 0.69

    Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.

  • CVE-2012-6276Jan 26, 2013
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.

  • CVE-2020-8423Apr 2, 2020
    risk 0.02cvss epss 0.09

    A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

  • CVE-2019-17147Jan 7, 2020
    risk 0.02cvss epss 0.14

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default.…

Page 1 of 3