Statement on the buffer overflow on TL-WR940N, TL-WR841N (CVE-2025-6151)

Security Advisory
Updated 07-15-2025 17:27:25 PM

Important Information:

This device has reached end-of-life (EOL); therefore, please review the ‘Recommendation(s)’ section carefully.

Vulnerability Description:

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. It affects unspecified functionality of the file /userRpm/WanSlaacCfgRpm.htm and may lead to a buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Impact:

The HTTP service crashes. It can be restored by a reset on TL-WR940N or by a reboot on TL-WR841N.

CVSS v4.0 Score: 8.2 / High

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Products/Versions and Fixes:

| Affected Product Model | Related Vulnerabilities | Affected Version |
|------------------------|-------------------------|------------------|
| TL-WR940N V4           | CVE-2025-6151           | <= 160617        |
| TL-WR841N V11          | CVE-2025-6151           | <= 160325        |

Recommendation(s):

We strongly recommend that users with the affected device(s) take the following action(s):

  1. Upgrade the device to one of our supported models to be able to receive automatic updates for ongoing protection.

Disclaimer:

If you do not take the recommended action(s) stated above, this vulnerability concern will remain. TP-Link cannot bear any responsibility for the consequences that could have been avoided by following the recommended action(s) in this statement.
