CVE-2025-14739— Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-14739
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND
Source: NVD (National Vulnerability Database)
Vulnerability Description
Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316, ≤ WR941ND v6 3.16.9 Build 151203.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用未经初始化的指针
Source: NVD (National Vulnerability Database)
Vulnerability Title
TP-Link WR940N 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TP-Link WR940N是中国普联(TP-Link)公司的一款无线路由器。 TP-Link WR940N 3.20.1 Build 200316及之前版本存在安全漏洞,该漏洞源于未初始化指针访问,可能导致拒绝服务和执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TP-Link Systems Inc. | WR940N and WR941ND | 0 ~ WR940N v5 3.20.1 Build 200316 | - |
II. Public POCs for CVE-2025-14739
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-14739
请登录查看更多情报信息。
Same Patch Batch · TP-Link Systems Inc. · 2025-12-18 · 3 CVEs total
| CVE-2025-14738 | Configuration Disclosure Vulnerability in TP-Link WA850RE | |
| CVE-2025-14737 | Command Injection Vulnerability in TP-Link WA850RE |
IV. Related Vulnerabilities
Same vendor: TP-Link Systems Inc.
- CVE-2026-5039
Predictable Default Cryptographic Key Used for DES Encryptio - CVE-2026-5363
Use of weak cryptographic key in TP-Link Archer C7 - CVE-2026-30818
OS Command Injection Vulnerability in dnsmasq Module in TP-L - CVE-2026-30817
Arbitrary File Reading Vulnerability in dnsmasq Module in TP - CVE-2026-30816
Arbitrary File Reading Vulnerability in OpenVPN Module in TP
Same weakness: CWE-824
V. Comments for CVE-2025-14739
No comments yet