CVE-2023-36357

HIGH

TP-Link TL-WR940N/TL-WR841N/TL-WR941ND - Denial of Service via LocalManageControlRpm GET Request

Title source: llm

Description

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/a101e-IoTvul/iotvul/blob/main/tp-link/5/TL-WR941ND_TL-WR940N_TL-WR841N_userRpm_LocalManageControlRpm.md

Scores

CVSS v3 7.7

EPSS 0.0009

EPSS Percentile 25.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (3)

tp-link/tl-wr841n_firmware

tp-link/tl-wr940n_firmware

tp-link/tl-wr941nd_firmware

Published Jun 22, 2023

Tracked Since Feb 18, 2026