cbcvebase.

Tp-Link Tl-Wr841N Firmware vulnerabilities

30 known vulnerabilities affecting tp-link/tl-wr841n_firmware.

Total CVEs
30
CISA KEV
3
actively exploited
Public exploits
5
Exploited in wild
4
Severity breakdown
CRITICAL4HIGH20MEDIUM6

Vulnerabilities

Page 2 of 2
CVE-2025-53711P3HIGHCVSS 7.5≤ 1603252025-07-29
CVE-2025-53711 [HIGH] CWE-119 CVE-2025-53711: A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnera A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remo
nvd
CVE-2025-53714P3HIGHCVSS 7.5≤ 1603252025-07-29
CVE-2025-53714 [HIGH] CWE-119 CVE-2025-53714: A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wz A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WzdWlanSiteSurveyRpm_AP.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerabilit
nvd
CVE-2025-53715P3HIGHCVSS 7.5≤ 1603252025-07-29
CVE-2025-53715 [HIGH] CWE-119 CVE-2025-53715: A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wa A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/Wan6to4TunnelCfgRpm.htm file due to missing input parameter validation, which may lead to the buffer overflow to cause a crash of the web service and result in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability on
nvd
CVE-2022-46912P3HIGHCVSS 8.8≤ 3.13.92022-12-20
CVE-2022-46912 [HIGH] CVE-2022-46912: An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allo An issue in the firmware update process of TP-Link TL-WR841N / TL-WA841ND V7 3.13.9 and earlier allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image.
nvd
CVE-2026-3622P3HIGHCVSS 7.5fixed in 0.9.1_4.192026-03-26
CVE-2026-3622 [HIGH] CWE-125 CVE-2026-3622: The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation lea The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This vulnerability affects TL-WR841N v14 < EN_0.9.1 4.19 Build 260303 R
nvd
CVE-2026-3227P3MEDIUMCVSS 6.8fixed in 2603032026-03-16
CVE-2026-3227 [MEDIUM] CWE-78 CVE-2026-3227: A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR84 A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router configuration import function allows an authenticated attacker to upload a crafted configuration file that results in execution of OS commands with root privile
nvd
CVE-2018-12574P3HIGHCVSS 8.8v0.9.1_4.162018-07-02
CVE-2018-12574 [HIGH] CWE-352 CVE-2018-12574: CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001. CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
nvd
CVE-2022-42202P4MEDIUMCVSS 6.1v4.17.16_build_120201_rel.54750n2022-10-18
CVE-2022-42202 [MEDIUM] CWE-79 CVE-2022-42202: TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS). TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).
nvd
CVE-2018-12576P4MEDIUMCVSS 4.3v0.9.1_4.162018-07-02
CVE-2018-12576 [MEDIUM] CWE-1021 CVE-2018-12576: TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.
nvd
CVE-2012-6316P4MEDIUMCVSS 4.3≤ 3.13.92014-09-30
CVE-2012-6316 [MEDIUM] CWE-79 CVE-2012-6316: Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3. Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.
nvd
Tp-Link Tl-Wr841N Firmware vulnerabilities | cvebase