Vulnerabilities (CVE)

Filtered by vendor Tp-link Subscribe
Filtered by product Tl-wr840n Firmware
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25061 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
CVE-2022-25060 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
CVE-2022-26640 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 6.5 MEDIUM 7.2 HIGH
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.
CVE-2022-25064 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
CVE-2022-26641 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 6.5 MEDIUM 7.2 HIGH
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.
CVE-2021-46122 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 9.0 HIGH 7.2 HIGH
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
CVE-2022-26639 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 6.5 MEDIUM 7.2 HIGH
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.
CVE-2022-26642 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 6.5 MEDIUM 7.2 HIGH
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.
CVE-2022-25062 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an integer overflow via the function dm_checkString. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2022-29402 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 7.2 HIGH 6.8 MEDIUM
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVE-2021-41653 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVE-2021-29280 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 4.3 MEDIUM 6.4 MEDIUM
In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow
CVE-2020-36178 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
CVE-2018-15840 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.
CVE-2019-15060 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 6.5 MEDIUM 8.8 HIGH
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVE-2019-12195 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 3.5 LOW 4.8 MEDIUM
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.
CVE-2018-15172 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
CVE-2018-11714 1 Tp-link 4 Tl-wr840n, Tl-wr840n Firmware, Tl-wr841n and 1 more 2024-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
CVE-2014-9510 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-02-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.