Tp-Link: >> Tl-Wr840n Firmware >> 0.9.1.4.16 Security Vulnerabilities
TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21825.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-05-03
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the httpRemotePort parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28
TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the X_TP_ClonedMACAddress parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2022-03-28
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVSS Score
9.8
EPSS Score
0.919
Published
2021-11-13
The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVSS Score
8.8
EPSS Score
0.031
Published
2019-08-22