Primary

Context

TP-Link WR940N and WR941ND Uninitialized Pointer Vulnerability Allowing DoS and Potential Arbitrary Code Execution

Vulnerability

A vulnerability has been identified in TP-Link WR940N (V5) and WR941ND (V6) routers, allowing local unauthenticated attackers to access an uninitialized pointer. This vulnerability can be exploited to execute a denial-of-service attack and potentially execute arbitrary code with root privileges. The issue arises during the processing of UPnP/SOAP SUBSCRIBE requests.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the device to crash, and in more severe cases, allow arbitrary code execution with root privileges, resulting in full system compromise.

Remediation

Users are advised to update to the latest firmware version. For WR940N V5, the latest version is 3.20.1 Build 220801. For WR941ND V6, the latest version is 3.16.9 Build 151203.

Added: Dec 18, 2025, 7:28 PM

Updated: Dec 18, 2025, 7:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

7.7

relevance

1.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.6

remediation

7.7

relevance

1.4

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

TP-Link WR940N and WR941ND Uninitialized Pointer Vulnerability Allowing DoS and Potential Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating