VYPR

TL-WR840N

by TP-Link

CVEs (22)

  • CVE-2022-25061CriFeb 25, 2022
    risk 0.70cvss 9.8epss 0.72

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.

  • CVE-2021-41653CriNov 13, 2021
    risk 0.70cvss 9.8epss 0.77

    The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

  • CVE-2022-25060CriFeb 25, 2022
    risk 0.68cvss 9.8epss 0.52

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.

  • CVE-2022-25064CriFeb 25, 2022
    risk 0.67cvss 9.8epss 0.40

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.

  • CVE-2018-11714CriJun 4, 2018
    risk 0.67cvss 9.8epss 0.37

    An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker…

  • CVE-2020-36178CriJan 6, 2021
    risk 0.64cvss 9.8epss 0.10

    oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE:…

  • CVE-2019-15060HigAug 22, 2019
    risk 0.58cvss 8.8epss 0.04

    The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.

  • CVE-2018-15172HigAug 15, 2018
    risk 0.52cvss 7.5epss 0.08

    TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.

  • CVE-2018-14336HigJul 19, 2018
    risk 0.52cvss 7.5epss 0.08

    TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.

  • CVE-2022-25062HigFeb 25, 2022
    risk 0.49cvss 7.5epss 0.04

    TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2018-15840HigMar 29, 2019
    risk 0.49cvss 7.5epss 0.02

    TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.

  • CVE-2021-46122HigApr 18, 2022
    risk 0.47cvss 7.2epss 0.02

    Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.

  • CVE-2022-26642HigMar 28, 2022
    risk 0.47cvss 7.2epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.

  • CVE-2022-26641HigMar 28, 2022
    risk 0.47cvss 7.2epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.

  • CVE-2022-26640HigMar 28, 2022
    risk 0.47cvss 7.2epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.

  • CVE-2022-26639HigMar 28, 2022
    risk 0.47cvss 7.2epss 0.01

    TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.

  • CVE-2026-3227MedMar 16, 2026
    risk 0.44cvss 6.8epss 0.01

    A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted…

  • CVE-2022-29402MedMay 25, 2022
    risk 0.44cvss 6.8epss 0.00

    TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.

  • CVE-2021-29280MedAug 19, 2021
    risk 0.42cvss 6.4epss 0.01

    In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow

  • CVE-2019-12195MedMay 24, 2019
    risk 0.34cvss 4.8epss 0.02

    TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the…

Page 1 of 2