COOEY // HUBcompliance · community · intelligence

FAIL › dossier

tl-wr840n firmware product

· dossier confidence 80%

TP-Link TL-WR840N firmware contains multiple critical RCE vulnerabilities discovered in 2021 and 2022, posing significant risk to network infrastructure.

4
failure events
0
zero-days
4
RCEs
0
on KEV
4
critical
50
worst shame

Profile

Category
product
What they do
TP-Link TL-WR840N is a consumer-grade wireless router firmware widely deployed in residential and small business networks.

Security posture

Critical vulnerabilities (RCE) were discovered in firmware versions V6.20 and V5, indicating a pattern of unpatched command injection flaws in network management functions.

Notable failures
  • CVE-2022-25061: Command injection via oal_setIp6DefaultRoute
  • CVE-2022-25060: Command injection via oal_startPing
  • CVE-2022-25064: Remote code execution via oal_wan6_setIpAddr
  • CVE-2021-41653: Remote code execution via crafted IP payload
Patterns
repeated unpatched edge-device RCEs; command injection in network management functions

Failure history 4 events

DateEventSevFlagsShameSummary
2022-02-25 CVE-2022-25061 critical ⚡RCE 50 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
2022-02-25 CVE-2022-25060 critical ⚡RCE 50 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
2022-02-25 CVE-2022-25064 critical ⚡RCE 50 TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
2021-11-13 CVE-2021-41653 critical ⚡RCE 50 The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.

Dossier sources

Open questions: Current patch status of TL-WR840N firmware · Number of active devices still running vulnerable firmware