CVE-2025-6151

Summary

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
TP-Link Systems INC.TL-WR940N V40 <= 160617affected
TP-Link Systems INC.TL-WR841N V110 <= 160325affected

Weaknesses

  • CWE-120: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References