Description
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://tp-link.com
Broken Link, URL Repurposed x_refsource_misc
http://tl-wr841.com
Third Party Advisory x_refsource_misc
https://pastebin.com/0XRFr3zE
Scores
CVSS v3
8.8
EPSS
0.1230
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (5)
tp-link/tl-wr841_firmware
tp-link/tl-wr841n\(eu\)_firmware
160325
tp-link/tl-wr841n_firmware
3.16.9
tp-link/tl-wr841n_firmware
150616
tp-link/tl-wr841n_firmware
150310
Published
Jul 14, 2022
Tracked Since
Feb 18, 2026