Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Tp-link Subscribe
Filtered by product Tl-wr840n

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25061 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2023-08-08 7.5 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
CVE-2022-25064 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2023-08-08 7.5 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
CVE-2022-25060 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2023-08-08 10.0 HIGH 9.8 CRITICAL
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
CVE-2021-41653 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2021-11-17 10.0 HIGH 9.8 CRITICAL
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
CVE-2020-36178 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2021-01-12 10.0 HIGH 9.8 CRITICAL
oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem.
CVE-2018-11714 1 Tp-link 4 Tl-wr840n, Tl-wr840n Firmware, Tl-wr841n and 1 more 2018-07-31 10.0 HIGH 9.8 CRITICAL
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of "Referer: http://192.168.0.1/mainFrame.htm" then no authentication is required for any action.