CVE-2021-41653

CRITICAL EXPLOITED IN THE WILD NUCLEI

TP-Link TL-WR840N EU v5 Firmware <= TL-WR840N(EU)_V5_171211 - Remote Code Execution via PING IP Address Input

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-41653 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including likeww. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits a command injection vulnerability in TP-Link TL-WR840N EU v5 routers via the ping diagnostic functionality. It generates a reverse shell payload using msfvenom and executes it through a crafted HTTP request.

Description

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

Exploits (1)

nomisec WORKING POC
by likeww · remote
https://github.com/likeww/CVE-2021-41653

This PoC exploits a command injection vulnerability in TP-Link TL-WR840N EU v5 routers via the ping diagnostic functionality. It generates a reverse shell payload using msfvenom and executes it through a crafted HTTP request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: TP-Link TL-WR840N EU v5
Auth required
Prerequisites: Network access to the router · Valid admin credentials · TFTP server hosting the payload
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

TP-Link - OS Command Injection
CRITICALby gy741

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
http://tp-link.com
Vendor Advisory x_refsource_misc
https://www.tp-link.com/us/press/security-advisory/
Exploit, Third Party Advisory x_refsource_misc
https://k4m1ll0.com/cve-2021-41653.html

Scores

CVSS v3 9.8
EPSS 0.9191
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-12-08
InTheWild.io 2021-12-08
CWE
CWE-94
Status published
Products (1)
tp-link/tl-wr840n_firmware < tl-wr840n\(eu\)_v5_171211
Published Nov 13, 2021
Tracked Since Feb 18, 2026