FAIL › dossier
· dossier confidence 80%
TP-Link TL-WR840N firmware contains multiple critical RCE vulnerabilities discovered in 2021 and 2022, posing significant risk to network infrastructure.
Critical vulnerabilities (RCE) were discovered in firmware versions V6.20 and V5, indicating a pattern of unpatched command injection flaws in network management functions.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2022-02-25 | CVE-2022-25061 | critical | ⚡RCE | 50 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute. |
| 2022-02-25 | CVE-2022-25060 | critical | ⚡RCE | 50 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing. |
| 2022-02-25 | CVE-2022-25064 | critical | ⚡RCE | 50 | TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr. |
| 2021-11-13 | CVE-2021-41653 | critical | ⚡RCE | 50 | The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. |
Open questions: Current patch status of TL-WR840N firmware · Number of active devices still running vulnerable firmware