CVE-2025-53712
BaseFortify
Publication date: 2025-07-29
Last updated on: 2025-08-01
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | tl-wr841n_firmware | to 160325 (inc) |
| tp-link | tl-wr841n | 11 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the TP-Link TL-WR841N V11 router's web service, specifically in the /userRpm/WlanNetworkRpm_AP.htm file. It is caused by missing input parameter validation, which leads to a buffer overflow. This buffer overflow can crash the web service remotely, resulting in a denial-of-service (DoS) condition. The affected devices are no longer supported by the manufacturer, and no firmware fixes are available. [1]
How can this vulnerability impact me? :
The vulnerability can be exploited remotely to crash the router's HTTP web service, causing a denial-of-service (DoS) condition. This means the device's web interface becomes unavailable until the router is rebooted. Since the device is no longer supported and no patches are provided, the device remains vulnerable, potentially disrupting network management and connectivity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes the web service on the TP-Link TL-WR841N V11 router to crash due to a buffer overflow triggered remotely via the /userRpm/WlanNetworkRpm_AP.htm file. Detection can involve monitoring for unexpected HTTP service crashes or denial-of-service conditions on the device. Specific commands are not provided in the resources, but network administrators can check the router's availability by sending HTTP requests to the affected endpoint and observing if the service crashes or becomes unresponsive. For example, using curl or wget repeatedly to access http://<router-ip>/userRpm/WlanNetworkRpm_AP.htm and monitoring for service downtime may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Since the TP-Link TL-WR841N V11 is no longer supported and no firmware fixes are available, the immediate mitigation steps include upgrading to a supported router model to receive ongoing protection and automatic updates. Additionally, limiting network exposure of the router's web service (e.g., restricting remote access to the management interface) can reduce the risk of remote exploitation. Rebooting the device can temporarily restore service if a DoS attack occurs. [1]