CVE-2025-15606
HIGH WAF: Medium
CVSS 7.5
Published: 2026-03-23
CWE-20
A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tp-link | td-w8961nd_firmware | up to 250925 |
References
- www.tp-link.com (Product)
- www.tp-link.com (Vendor Advisory)