Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tl\-Wr840n_firmware
(Tp\-Link)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 19 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-03-28 | CVE-2022-26642 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter. | Tl\-Wr840n_firmware | 7.2 | ||
| 2022-04-18 | CVE-2021-46122 | Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature. | Tl\-Wr840n_firmware | 7.2 | ||
| 2022-05-25 | CVE-2022-29402 | TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | Tl\-Wr840n_firmware | 6.8 | ||
| 2019-08-22 | CVE-2019-15060 | The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field. | Tl\-Wr840n_firmware | 8.8 | ||
| 2019-05-24 | CVE-2019-12195 | TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet. | Tl\-Wr840n_firmware | 4.8 | ||
| 2019-03-29 | CVE-2018-15840 | TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command. | Tl\-Wr840n_firmware | 7.5 | ||
| 2018-08-15 | CVE-2018-15172 | TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | Tl\-Wr840n_firmware | 7.5 | ||
| 2018-06-04 | CVE-2018-11714 | An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. | Tl\-Wr840n_firmware, Tl\-Wr841n_firmware | 9.8 | ||
| 2015-01-09 | CVE-2014-9510 | Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. | Tl\-Wr840n_firmware | N/A |