Tp-Link: >> Tl-Wr840n Firmware Security Vulnerabilities
A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privileges during port-trigger processing.
Successful exploitation allows an authenticated attacker to execute system commands with root privileges, leading to full device compromise.
CVSS Score
8.5
EPSS Score
0.005
Published
2026-03-16
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-05-03
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-05-25
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-04-18
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
CVSS Score
9.8
EPSS Score
0.747
Published
2022-02-25
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
CVSS Score
9.8
EPSS Score
0.86
Published
2022-02-25
Page 1