Improper input validation vulnerability in TP-Link System... · CVE-2025-11676 · GitHub Advisory Database · GitHub

Improper input validation vulnerability in TP-Link System...

High severity Unreviewed Published Nov 20, 2025 to the GitHub Advisory Database

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 <= Build 220801.

References

Published by the National Vulnerability Database

Nov 20, 2025

Published to the GitHub Advisory Database Nov 20, 2025

Severity

High

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Adjacent

Attack Complexity Low

Attack Requirements None

Privileges Required None

User interaction None

Vulnerable System Impact Metrics

Confidentiality None

Integrity None

Availability High

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X