TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HTp Link Tl Wr740n
HWTp-Link1.02.0Tp Link Tl Wr740n Firmware
OSTp-Linkwszystkie wersjeTp Link Tl Wr841n
HWTp-Link10.08.0Tp Link Tl Wr841n Firmware
OSTp-Linkwszystkie wersjeTp Link Tl Wr940n
HWTp-Link2.04.0Tp Link Tl Wr940n Firmware
OSTp-Linkwszystkie wersje
CISA KEV — detailsi
- Vendori
- TP-Link
- Producti
- Multiple Routers
- Added to KEVi
- June 16, 2025
- Remediation deadline (US Federal)i
- July 7, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Related vulnerabilities
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDyna...
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr...
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web i...
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR8...
The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link...