CVE-2019-6989

HIGH

TP-Link TL-WR940N - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-6989. PoCs published by Grzegorz Wypych.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in TP-LINK TL-WR940N/TL-WR941ND routers, leveraging a crafted payload to achieve remote code execution via a reverse shell. It uses ROP gadgets and shellcode to bypass protections and execute arbitrary commands.

Description

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

Exploits (1)

exploitdb WORKING POC
by Grzegorz Wypych · pythonremotehardware
https://www.exploit-db.com/exploits/46678

This exploit targets a buffer overflow vulnerability in TP-LINK TL-WR940N/TL-WR941ND routers, leveraging a crafted payload to achieve remote code execution via a reverse shell. It uses ROP gadgets and shellcode to bypass protections and execute arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: TP-LINK TL-WR940N/TL-WR941ND
Auth required
Prerequisites: Network access to the target router · Valid admin credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46678/

Scores

CVSS v3 8.8
EPSS 0.1158
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
tp-link/tl-wr940n_firmware
tp-link/tl-wr941nd_firmware
Published Jun 06, 2019
Tracked Since Feb 18, 2026