cbcvebase.

Tp-Link Tl-Wr940N Firmware vulnerabilities

8 known vulnerabilities affecting tp-link/tl-wr940n_firmware.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH6MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2022-24355P2HIGHCVSS 8.8fixed in 2111112022-02-18
CVE-2022-24355 [HIGH] CWE-121 CVE-2022-24355: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name extensions. The issue results from the lack of proper validat
nvd
CVE-2022-43636P3HIGHCVSS 8.8v6_211111_3.20.12023-03-29
CVE-2022-43636 [HIGH] CWE-330 CVE-2022-43636: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient
nvd
CVE-2022-0650P3HIGHCVSS 8.0fixed in 2111112023-03-28
CVE-2022-0650 [HIGH] CWE-121 CVE-2022-0650: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack
nvd
CVE-2022-24973P3HIGHCVSS 8.0v3.20.12023-03-28
CVE-2022-24973 [HIGH] CWE-121 CVE-2022-24973: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lac
nvd
CVE-2024-54887P3HIGHCVSS 8.0≤ 3.16.92025-01-09
CVE-2024-54887 [HIGH] CWE-120 CVE-2024-54887: TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsse TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.
nvd
CVE-2023-23040P3HIGHCVSS 7.5v6_3.19.12023-02-22
CVE-2023-23040 [HIGH] CWE-327 CVE-2023-23040: TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin pa TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.
nvd
CVE-2022-43635P3MEDIUMCVSS 6.5v6_211111_3.20.12023-03-29
CVE-2022-43635 [MEDIUM] CWE-303 CVE-2022-43635: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorre
nvd
CVE-2022-24972P3MEDIUMCVSS 6.5v3.20.12023-03-28
CVE-2022-24972 [MEDIUM] CWE-284 CVE-2022-24972: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue result
nvd
Tp-Link Tl-Wr940N Firmware vulnerabilities | cvebase