Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tl\-Wr841n_firmware
(Tp\-Link)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-06 | CVE-2023-36489 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | Tl\-Wr802n_firmware, Tl\-Wr841n_firmware, Tl\-Wr902ac_firmware | 8.8 | ||
| 2018-07-02 | CVE-2018-12577 | The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | Tl\-Wr841n_firmware | 8.8 | ||
| 2020-01-07 | CVE-2019-17147 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute... | Tl\-Wr841n_firmware | N/A | ||
| 2018-07-02 | CVE-2018-12576 | TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | Tl\-Wr841n_firmware | 4.3 | ||
| 2018-07-02 | CVE-2018-12575 | On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | Tl\-Wr841n_firmware | 9.8 | ||
| 2018-07-02 | CVE-2018-12574 | CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices. | Tl\-Wr841n_firmware | 8.8 | ||
| 2018-06-04 | CVE-2018-11714 | An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action. | Tl\-Wr840n_firmware, Tl\-Wr841n_firmware | 9.8 | ||
| 2014-09-30 | CVE-2012-6316 | Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. | Tl\-Wr841n, Tl\-Wr841n_firmware | N/A | ||
| 2013-01-26 | CVE-2012-6276 | Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter. | Tl\-Wr841n, Tl\-Wr841n_firmware | N/A | ||
| 2012-11-01 | CVE-2012-5687 | Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI. | Tl\-Wr841n, Tl\-Wr841n_firmware | N/A |