CVE-2025-6151

Опубликовано: 17 июн. 2025

Источник: nvd

EPSS Низкий

Описание

A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Ссылки

https://github.com/WhereisDoujo/CVE/issues/7
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.312626
Permissions Required
VDB Entry
https://vuldb.com/?id.312626
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.593031
Third Party Advisory
VDB Entry
https://www.tp-link.com/us/support/faq/4536/
https://github.com/WhereisDoujo/CVE/issues/7
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-wr940n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr940n:v4:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00336

Низкий

Дефекты

CWE-119

CWE-120

Связанные уязвимости

GHSA-pc68-4m2q-7jqf

CVSS3: 8.8

github

8 месяцев назад

A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

BDU:2025-07016