Tp-link Tl-wr940n Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Tp-link Tl-wr940n Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2023-36355 — CVSS 9.9 (critical): TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This…
CVE-2022-24355 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build…
CVE-2019-6989 — CVSS 8.8 (high): TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By…
CVE-2022-43636 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111…
CVE-2025-6151: A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file…
CVE-2023-33536 — CVSS 8.1 (high): TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component…
CVE-2023-33537 — CVSS 8.1 (high): TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a buffer overflow via the component…
CVE-2022-0650 — CVSS 8.0 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build…
CVE-2022-24973 — CVSS 8.0 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build…
CVE-2024-54887 — CVSS 8.0 (high): TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at…
CVE-2023-36356 — CVSS 7.7 (high): TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the…
CVE-2023-36357 — CVSS 7.7 (high): An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows…
CVE-2023-36358 — CVSS 7.7 (high): TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component…
CVE-2023-36354 — CVSS 7.5 (high): TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow…
CVE-2023-23040 — CVSS 7.5 (high): TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication.
CVE-2023-36359 — CVSS 7.5 (high): TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component…
CVE-2026-11410 — CVSS 7.2 (high): An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to…
CVE-2026-11409 — CVSS 7.2 (high): An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper…
CVE-2022-24972 — CVSS 6.5 (medium): This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N…
CVE-2022-43635 — CVSS 6.5 (medium): This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N…