TL-WR840N
by TP-Link
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11714 | Cri | 0.67 | 9.8 | 0.37 | Jun 4, 2018 | An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker… | ||
| CVE-2018-15172 | Hig | 0.52 | 7.5 | 0.08 | Aug 15, 2018 | TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | ||
| CVE-2018-14336 | Hig | 0.52 | 7.5 | 0.08 | Jul 19, 2018 | TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. | ||
| CVE-2026-3227 | Med | 0.44 | 6.8 | 0.01 | Mar 16, 2026 | A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted… | ||
| CVE-2022-25061 | 0.07 | — | 0.72 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | |||
| CVE-2021-41653 | 0.07 | — | 0.77 | Nov 13, 2021 | The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||
| CVE-2022-25060 | 0.06 | — | 0.52 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | |||
| CVE-2022-25064 | 0.05 | — | 0.40 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | |||
| CVE-2019-12195 | 0.03 | — | 0.02 | May 24, 2019 | TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the… | |||
| CVE-2022-25062 | 0.02 | — | 0.04 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||
| CVE-2020-36178 | 0.01 | — | 0.10 | Jan 6, 2021 | oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE:… | |||
| CVE-2022-29402 | 0.00 | — | 0.00 | May 25, 2022 | TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | |||
| CVE-2021-46122 | 0.00 | — | 0.01 | Apr 18, 2022 | Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. | |||
| CVE-2022-26642 | 0.00 | — | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | |||
| CVE-2022-26641 | 0.00 | — | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. | |||
| CVE-2022-26640 | 0.00 | — | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | |||
| CVE-2022-26639 | 0.00 | — | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | |||
| CVE-2021-29280 | 0.00 | — | 0.01 | Aug 19, 2021 | In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | |||
| CVE-2019-15060 | 0.00 | — | 0.04 | Aug 22, 2019 | The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||
| CVE-2018-18489 | 0.00 | — | 0.02 | Apr 16, 2019 | The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472. |
- risk 0.67cvss 9.8epss 0.37
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker…
- risk 0.52cvss 7.5epss 0.08
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
- risk 0.52cvss 7.5epss 0.08
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
- risk 0.44cvss 6.8epss 0.01
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted…
- CVE-2022-25061Feb 25, 2022risk 0.07cvss —epss 0.72
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
- CVE-2021-41653Nov 13, 2021risk 0.07cvss —epss 0.77
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
- CVE-2022-25060Feb 25, 2022risk 0.06cvss —epss 0.52
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
- CVE-2022-25064Feb 25, 2022risk 0.05cvss —epss 0.40
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
- CVE-2019-12195May 24, 2019risk 0.03cvss —epss 0.02
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the…
- CVE-2022-25062Feb 25, 2022risk 0.02cvss —epss 0.04
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- CVE-2020-36178Jan 6, 2021risk 0.01cvss —epss 0.10
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE:…
- CVE-2022-29402May 25, 2022risk 0.00cvss —epss 0.00
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
- CVE-2021-46122Apr 18, 2022risk 0.00cvss —epss 0.01
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
- CVE-2022-26642Mar 28, 2022risk 0.00cvss —epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.
- CVE-2022-26641Mar 28, 2022risk 0.00cvss —epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.
- CVE-2022-26640Mar 28, 2022risk 0.00cvss —epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.
- CVE-2022-26639Mar 28, 2022risk 0.00cvss —epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.
- CVE-2021-29280Aug 19, 2021risk 0.00cvss —epss 0.01
In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow
- CVE-2019-15060Aug 22, 2019risk 0.00cvss —epss 0.04
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
- CVE-2018-18489Apr 16, 2019risk 0.00cvss —epss 0.02
The ping feature in the Diagnostic functionality on TP-LINK WR840N v2 Firmware 3.16.9 Build 150701 Rel.51516n devices allows remote attackers to cause a denial of service (HTTP service termination) by modifying the packet size to be higher than the UI limit of 1472.
Page 1 of 2