MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2026-5039

CVSS 6.1v4.0pub. 2026-04-23upd. 2026-05-05

TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key derived from default web management credentials, making the key predictable if device is left in default configuration. A network-adjacent attacker can exploit this weakness to gain unauthorized access to the protocol, read debug data, modify certain device configuration values, and trigger device reboot, resulting in loss of integrity and a denial-of-service condition.

CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Tp Link Tl Wr841n

    HW
    Tp-Link
    13.0
  • Tp Link Tl Wr841n Firmware

    OS
    Tp-Link
    < 231120
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-25073CRITICAL9.8ten sam produkt

TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr...

CVE-2018-12575CRITICAL9.8ten sam produkt

On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web i...

CVE-2018-11714CRITICAL9.8ten sam produkt

An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR8...

CVE-2025-9377HIGH8.6⚠ KEVten sam produkt

The authenticated remote command execution (RCE) vulnerability exists in the Parental Control pageΒ onΒ TP-Link...

CVE-2023-33538HIGH8.8⚠ KEVten sam produkt

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection v...

CVE-2026-5039 β€” Tp-Link β€” Tl-Wr841N β€” MEDIUM β€” CVSS 6.1 | CVEbaza.pl