Vulnerabilities (CVE)

Filtered by vendor Tp-link Subscribe
Filtered by product Tl-wr841n
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12575 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request.
CVE-2018-12574 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-02-28 6.8 MEDIUM 8.8 HIGH
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
CVE-2018-11714 1 Tp-link 4 Tl-wr840n, Tl-wr840n Firmware, Tl-wr841n and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
CVE-2012-6316 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.
CVE-2012-6276 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-02-28 4.3 MEDIUM N/A
Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.
CVE-2012-5687 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-02-28 7.8 HIGH N/A
Directory traversal vulnerability in the web-based management feature on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to the help/ URI.