VYPR

TL-WR940N V4

by TP-Link

CVEs (24)

  • CVE-2023-33538HigKEVJun 7, 2023
    risk 0.73cvss 8.8epss 0.42

    TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .

  • CVE-2023-36355CriJun 22, 2023
    risk 0.70cvss 9.9epss 0.32

    TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-39747CriAug 21, 2023
    risk 0.64cvss 9.8epss 0.08

    TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm.

  • CVE-2019-6989HigJun 6, 2019
    risk 0.61cvss 8.8epss 0.12

    TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the…

  • CVE-2022-43636HigMar 29, 2023
    risk 0.57cvss 8.8epss 0.01

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which…

  • CVE-2022-24355HigFeb 18, 2022
    risk 0.57cvss 8.8epss 0.02

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing…

  • CVE-2025-6151HigJun 17, 2025
    risk 0.54cvss epss 0.03

    A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects…

  • CVE-2023-33537HigJun 7, 2023
    risk 0.53cvss 8.1epss 0.01

    TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/FixMapCfgRpm.

  • CVE-2023-33536HigJun 7, 2023
    risk 0.53cvss 8.1epss 0.01

    TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component /userRpm/WlanMacFilterRpm.

  • CVE-2024-54887HigJan 9, 2025
    risk 0.52cvss 8.0epss 0.05

    TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the…

  • CVE-2022-24973HigMar 28, 2023
    risk 0.52cvss 8.0epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd…

  • CVE-2022-0650HigMar 28, 2023
    risk 0.52cvss 8.0epss 0.01

    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd…

  • CVE-2023-36358HigJun 22, 2023
    risk 0.50cvss 7.7epss 0.01

    TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-36357HigJun 22, 2023
    risk 0.50cvss 7.7epss 0.01

    An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-36356HigJun 22, 2023
    risk 0.50cvss 7.7epss 0.01

    TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-39745HigAug 21, 2023
    risk 0.49cvss 7.5epss 0.01

    TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-36359HigJun 22, 2023
    risk 0.49cvss 7.5epss 0.01

    TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

  • CVE-2023-36354HigJun 22, 2023
    risk 0.49cvss 7.5epss 0.01

    TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET…

  • CVE-2023-23040HigFeb 22, 2023
    risk 0.49cvss 7.5epss 0.00

    TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.

  • CVE-2022-43635MedMar 29, 2023
    risk 0.42cvss 6.5epss 0.01

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service,…

Page 1 of 2