CVE-2025-9014
HIGH WAF: Medium
CVSS 7.5
Published: 2026-01-15
CWE-20
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| tp-link | tl-wr841n_firmware | up to 250908 |
References
- www.tp-link.com (Product)
- www.tp-link.com (Product)
- www.tp-link.com (Product)
- www.tp-link.com (Patch, Vendor Advisory)