CVE-2025-15606

HIGH

Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N

Title source: cna

Description

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://www.tp-link.com/us/support/faq/5028/

Patch patch

https://www.tp-link.com/en/support/download/td-w8961n/v4/#Firmware

Scores

CVSS v3 7.5

EPSS 0.0008

EPSS Percentile 23.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (2)

tp-link/td-w8961nd_firmware < 250925

TP-Link Systems Inc./TD-W8961N v4.0 < V4_250925

Published Mar 23, 2026

Tracked Since Mar 24, 2026