CVE-2025-14739
Uninitialized Pointer Vulnerability in TP-Link WR940N/WR941ND Enables Root DoS and Code Execution
Publication date: 2025-12-18
Last updated on: 2026-04-29
Assigner: TPLink
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | wr941nd | 6.0 |
| tp-link | wr940n | 5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-824 | The product accesses or uses a pointer that has not been initialized. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Access of Uninitialized Pointer issue in TP-Link WR940N and WR941ND routers. It occurs during the processing of UPnP/SOAP SUBSCRIBE requests and allows local unauthenticated attackers to execute a Denial of Service (DoS) attack and potentially arbitrary code execution with root user privileges. [2]
How can this vulnerability impact me? :
This vulnerability can allow a local unauthenticated attacker to cause a Denial of Service (DoS) on the affected TP-Link routers or execute arbitrary code with root privileges. This means the attacker could take full control of the device, potentially disrupting network services or using the device for malicious purposes. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating the firmware of affected TP-Link WR940N and WR941ND devices to the latest versions provided by TP-Link. Specifically, update WR940N V5 and WR941ND V6 to their respective fixed firmware versions available on the TP-Link support website. [1, 2]