Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Tl\-Wr841n_firmware
(Tp\-Link)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-02-24 | CVE-2022-25073 | TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code. | Tl\-Wr841n_firmware | 9.8 | ||
| 2022-07-14 | CVE-2022-30024 | A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected. | Tl\-Wr841_firmware, Tl\-Wr841n\(Eu\)_firmware, Tl\-Wr841n_firmware | 8.8 | ||
| 2022-12-20 | CVE-2022-46912 | An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image. | Tl\-Wr841n_firmware, Tl\-Wr841nd_v7_firmware | 8.8 | ||
| 2023-06-22 | CVE-2023-36354 | TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | Tl\-Wr740n_firmware, Tl\-Wr841n_firmware, Tl\-Wr940n_firmware, Tl\-Wr941nd_firmware | 7.5 | ||
| 2023-06-22 | CVE-2023-36356 | TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | Tl\-Wr740n_firmware, Tl\-Wr841n_firmware, Tl\-Wr940n_firmware, Tl\-Wr941nd_firmware | 7.7 | ||
| 2023-09-06 | CVE-2023-36489 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'. | Tl\-Wr802n_firmware, Tl\-Wr841n_firmware, Tl\-Wr902ac_firmware | 8.8 | ||
| 2018-07-02 | CVE-2018-12577 | The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection. | Tl\-Wr841n_firmware | 8.8 | ||
| 2020-01-07 | CVE-2019-17147 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute... | Tl\-Wr841n_firmware | N/A | ||
| 2018-07-02 | CVE-2018-12576 | TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | Tl\-Wr841n_firmware | 4.3 | ||
| 2018-07-02 | CVE-2018-12575 | On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | Tl\-Wr841n_firmware | 9.8 |