Security Advisory on Denial-of-Service vulnerability in HTTPD Input Handling on TP-Link TD-W8961N (CVE-2025-15606)
95 Important Information:
This device has reached end-of-life (EOL); therefore, please review the ‘Recommendation(s)’ section carefully.
Vulnerability Description and Impact:
A Denial-of-Service (DoS) vulnerability in the httpd component of TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.
CVSS v4.0 Score: 7.1 / High
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products/Versions and Fixes:
|
Affected Product Model |
Affected/Fixed Version |
|
TP-Link TD-W8961N |
< V4_250925 |
Recommendation(s):
We strongly recommend that users with the affected device(s) take the following action(s):
- Download and update to the latest firmware version to fix the vulnerability.
EN: Download for TD-W8961N | TP-Link
- Upgrade the device to one of our supported models to be able to receive automatic updates for ongoing protection.
Note: TD-W8961N is not sold in the US.
Disclaimer:
If you do not take all recommended actions, this vulnerability will remain. TP-Link cannot bear any responsibility for consequences that could have been avoided by following this advisory.
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.