CVE-2025-14739

Summary

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack

and potentially arbitrary code execution

under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316,

WR941ND v6 3.16.9 Build 151203.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems Inc.WR940N and WR941ND0 <= WR940N v5 3.20.1 Build 200316affected
TP-Link Systems Inc.WR940N and WR941ND0 <= WR941ND v6 3.16.9 Build 151203affected

Weaknesses

  • CWE-824: CWE-824 Access of Uninitialized Pointer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References