Which versions of TP-Link are affected by CVE-2025-11676?

Organizations using TP-Link System Inc. TL-WR940N face moderate risk from CVE-2025-11676, a input validation vulnerability rated CVSS 7.1.

How to fix or mitigate CVE-2025-11676?

Within 30 days: Identify all affected systems running TP-Link System Inc. TL-WR940N and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

TP-Link CVE-2025-11676

Q: What is the CVSS score of CVE-2025-11676?

CVE-2025-11676 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

HIGH

Improper Input Validation (CWE-20)

2025-11-20 f23511db-6c3e-4e32-a477-6aa17d310630

Information Disclosure TP-Link

7.1

CVSS 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:23 vuln.today

CVE Published

Nov 20, 2025 - 15:17 nvd

HIGH 7.1

DescriptionNVD

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 <= Build 220801.

AnalysisAI

Improper input validation vulnerability in TP-Link System Inc. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which allows unauthenticated adjacent attackers to perform DoS attack.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-3294 HIGH This Week

8.7 May 22

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac

CVE-2026-34126 HIGH This Week

7.3 May 28

Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept a

CVE-2025-11676 vulnerability details – vuln.today

Back

TP-Link CVE-2025-11676

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Share

TP-Link CVE-2025-11676

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code