Tp-Link: >> Tl-Wr840n Firmware Security Vulnerabilities
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVSS Score
9.8
EPSS Score
0.919
Published
2021-11-13
In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow
CVSS Score
6.4
EPSS Score
0.001
Published
2021-08-19
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
CVSS Score
9.8
EPSS Score
0.123
Published
2021-01-06
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-08-22
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.
CVSS Score
4.8
EPSS Score
0.004
Published
2019-05-24
TP-Link TL-WR840N devices allow remote attackers to cause a denial of service (networking outage) via fragmented packets, as demonstrated by an "nmap -f" command.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-03-29
TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header.
CVSS Score
7.5
EPSS Score
0.101
Published
2018-08-15
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.
CVSS Score
9.8
EPSS Score
0.059
Published
2018-06-04
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.
CVSS Score
6.8
EPSS Score
0.001
Published
2015-01-09
Page 2