Statement on Deny of Service (DoS) vulnerability on TL-WR940N V6 (CVE-2025-11676)
143 Statement on Deny of Service (DoS) vulnerability on TL-WR940N V6 (CVE-2025-11676)
Vulnerability Description:
Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 <= Build 220801.
Impact:
This vulnerability may cause the UPnP service on the device to become unavailable.
CVSS v4.0 Score: 7.1 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product Model |
Related Vulnerabilities |
Affected Version |
Fixed Version |
|
TL-WR940N V6 |
CVE-2025-11676 |
<= Build 220801 |
Build 250919 Build 250925 |
Recommendation(s):
We strongly recommended that users with the affected device(s) take the following action(s):
- Download and update to the latest firmware to fix the vulnerabilities.
The latest firmware of related models and download links are below:
https://www.tp-link.com/us/support/download/tl-wr940n/v6/#Firmware
https://www.tp-link.com/en/support/download/tl-wr940n/v6/#Firmware
Disclaimer:
If you do not take the recommended action(s) stated above, this vulnerability concern will remain. TP-Link cannot bear any responsibility for the consequences that could have been avoided by following the recommended action(s) in this statement.
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.