Skip to main content

TP-Link CVE-2025-14739

MEDIUM
Access of Uninitialized Pointer (CWE-824)
2025-12-18 f23511db-6c3e-4e32-a477-6aa17d310630
RCE Memory Corruption TP-Link
6.8
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

DescriptionNVD

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack

and potentially arbitrary code execution

under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316,

WR941ND v6 3.16.9 Build 151203.

Analysis

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack

and potentially arbitrary code execution

under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316,

WR941ND v6 3.16.9 Build 151203.

More from same product – last 7 days

CVE-2026-3294 HIGH
8.7 May 22

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjac
CVE-2026-34126 HIGH
7.3 May 28

Cleartext Bluetooth transmission in TP-Link Tapo L535E, P300, and D100C devices allows adjacent attackers to intercept a

Share

CVE-2025-14739 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy