Description
A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0, due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.
Published: 2026-03-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service in the HTTP daemon
Action: Apply Patch
AI Analysis

Impact

An improper input sanitization flaw in the httpd component of the TP‑Link TD‑W8961N router allows an attacker to send specially formatted requests that trigger a processing error, causing the httpd service to crash and resulting in a loss of web‑based management functionality. The weakness is an example of improper validation of user‑supplied data, which can lead to a temporary interruption of services.

Affected Systems

The vulnerability applies exclusively to the TP‑Link TD‑W8961N router running firmware version 4.0. No other TP‑Link products or firmware revisions are identified as affected in the available data.

Risk and Exploitability

The CVSS score of 7.1 places this vulnerability in the moderate‑to‑high impact category. An EPSS score of less than 1% indicates a low likelihood of current exploitation, and it is not listed in the CISA KEV catalog. Based on the description, the attack vector is inferred to originate from a remote entity capable of sending HTTP requests to the device; authentication is not required to trigger the crash.

Generated by OpenCVE AI on April 1, 2026 at 03:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review the TP‑Link support site for firmware updates that address the HTTP input handling issue for the TD‑W8961N.
  • Apply the identified firmware update following the vendor’s installation instructions.
  • Reboot the router after updating the firmware to ensure the changes take effect.
  • If a firmware update is not yet available, restrict access to the device’s web interface to trusted networks or disable the HTTP service to mitigate the risk of service interruption.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tp-link; Tp-link td-w8961n; Tp-link td-w8961nd Firmware |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | cpe:2.3:h:tp-link:td-w8961n:4:*:*:*:*:*:*:*; cpe:2.3:o:tp-link:td-w8961nd_firmware:*:*:*:*:*:*:*:* |
| Vendors & Products | | Tp-link; Tp-link td-w8961n; Tp-link td-w8961nd Firmware |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |


Tue, 24 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 24 Mar 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tp-link Systems Inc.; Tp-link Systems Inc. td-w8961n V4.0 |
| Vendors & Products | | Tp-link Systems Inc.; Tp-link Systems Inc. td-w8961n V4.0 |

Mon, 23 Mar 2026 19:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0, due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition. |
| Title | | Denial of Service (DoS) in HTTPD Input Handling on TP-Link TD-W8961N |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV4_0: {'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: TPLink

Published:

Updated: 2026-03-24T14:37:57.837Z

Reserved: 2026-03-09T23:26:25.808Z

Link: CVE-2025-15606

Vulnrichment

Updated: 2026-03-24T14:37:54.100Z

NVD

Status: Analyzed

Published: 2026-03-23T19:16:38.867

Modified: 2026-03-31T19:04:18.913

Link: CVE-2025-15606

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:59:24Z

Weaknesses