VYPR

TL-WR840N

by TP-Link

CVEs (22)

  • CVE-2018-11714CriJun 4, 2018
    risk 0.67cvss 9.8epss 0.37

    An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker…

  • CVE-2018-15172HigAug 15, 2018
    risk 0.52cvss 7.5epss 0.08

    TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.

  • CVE-2018-14336HigJul 19, 2018
    risk 0.52cvss 7.5epss 0.08

    TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

  • CVE-2026-3227MedMar 16, 2026
    risk 0.44cvss 6.8epss 0.01

    A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted…

  • CVE-2022-25061Feb 25, 2022
    risk 0.07cvss epss 0.72

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

  • CVE-2021-41653Nov 13, 2021
    risk 0.07cvss epss 0.77

    The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

  • CVE-2022-25060Feb 25, 2022
    risk 0.06cvss epss 0.52

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

  • CVE-2022-25064Feb 25, 2022
    risk 0.05cvss epss 0.40

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

  • CVE-2019-12195May 24, 2019
    risk 0.03cvss epss 0.02

    TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the…

  • CVE-2022-25062Feb 25, 2022
    risk 0.02cvss epss 0.04

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2020-36178Jan 6, 2021
    risk 0.01cvss epss 0.10

    oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE:…

  • CVE-2022-29402May 25, 2022
    risk 0.00cvss epss 0.00

    TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.

  • CVE-2021-46122Apr 18, 2022
    risk 0.00cvss epss 0.01

    Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.

  • CVE-2022-26642Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.

  • CVE-2022-26641Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.

  • CVE-2022-26640Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.

  • CVE-2022-26639Mar 28, 2022
    risk 0.00cvss epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.

  • CVE-2021-29280Aug 19, 2021
    risk 0.00cvss epss 0.01

    In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow

  • CVE-2019-15060Aug 22, 2019
    risk 0.00cvss epss 0.04

    The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

  • CVE-2018-18489Apr 16, 2019
    risk 0.00cvss epss 0.02

    The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.

Page 1 of 2