TL-WR840N
by TP-Link
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25061 | Cri | 0.70 | 9.8 | 0.72 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. | ||
| CVE-2021-41653 | Cri | 0.70 | 9.8 | 0.77 | Nov 13, 2021 | The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | ||
| CVE-2022-25060 | Cri | 0.68 | 9.8 | 0.52 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. | ||
| CVE-2022-25064 | Cri | 0.67 | 9.8 | 0.40 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. | ||
| CVE-2018-11714 | Cri | 0.67 | 9.8 | 0.37 | Jun 4, 2018 | An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker… | ||
| CVE-2020-36178 | Cri | 0.64 | 9.8 | 0.10 | Jan 6, 2021 | oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE:… | ||
| CVE-2019-15060 | Hig | 0.58 | 8.8 | 0.04 | Aug 22, 2019 | The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. | ||
| CVE-2018-15172 | Hig | 0.52 | 7.5 | 0.08 | Aug 15, 2018 | TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | ||
| CVE-2018-14336 | Hig | 0.52 | 7.5 | 0.08 | Jul 19, 2018 | TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. | ||
| CVE-2022-25062 | Hig | 0.49 | 7.5 | 0.04 | Feb 25, 2022 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||
| CVE-2018-15840 | Hig | 0.49 | 7.5 | 0.02 | Mar 29, 2019 | TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | ||
| CVE-2021-46122 | Hig | 0.47 | 7.2 | 0.02 | Apr 18, 2022 | Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. | ||
| CVE-2022-26642 | Hig | 0.47 | 7.2 | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | ||
| CVE-2022-26641 | Hig | 0.47 | 7.2 | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter. | ||
| CVE-2022-26640 | Hig | 0.47 | 7.2 | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | ||
| CVE-2022-26639 | Hig | 0.47 | 7.2 | 0.01 | Mar 28, 2022 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | ||
| CVE-2026-3227 | Med | 0.44 | 6.8 | 0.01 | Mar 16, 2026 | A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted… | ||
| CVE-2022-29402 | Med | 0.44 | 6.8 | 0.00 | May 25, 2022 | TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | ||
| CVE-2021-29280 | Med | 0.42 | 6.4 | 0.01 | Aug 19, 2021 | In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow | ||
| CVE-2019-12195 | Med | 0.34 | 4.8 | 0.02 | May 24, 2019 | TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the… |
- risk 0.70cvss 9.8epss 0.72
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
- risk 0.70cvss 9.8epss 0.77
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
- risk 0.68cvss 9.8epss 0.52
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
- risk 0.67cvss 9.8epss 0.40
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
- risk 0.67cvss 9.8epss 0.37
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker…
- risk 0.64cvss 9.8epss 0.10
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE:…
- risk 0.58cvss 8.8epss 0.04
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
- risk 0.52cvss 7.5epss 0.08
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
- risk 0.52cvss 7.5epss 0.08
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
- risk 0.49cvss 7.5epss 0.04
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
- risk 0.49cvss 7.5epss 0.02
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.
- risk 0.47cvss 7.2epss 0.02
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
- risk 0.47cvss 7.2epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.
- risk 0.47cvss 7.2epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.
- risk 0.47cvss 7.2epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.
- risk 0.47cvss 7.2epss 0.01
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.
- risk 0.44cvss 6.8epss 0.01
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted…
- risk 0.44cvss 6.8epss 0.00
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
- risk 0.42cvss 6.4epss 0.01
In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow
- risk 0.34cvss 4.8epss 0.02
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the…
Page 1 of 2