Summaryinfo

A vulnerability classified as problematic was found in TP-Link TD-W8961N 4.0. This issue affects some unknown processing of the component Httpd Service. Executing a manipulation can lead to denial of service. This vulnerability is handled as CVE-2025-15606. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as problematic was found in TP-Link TD-W8961N 4.0. This vulnerability affects an unknown function of the component Httpd Service. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. CVE summarizes:

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition.

The weakness was released by RONBUB. The advisory is shared for download at tp-link.com. This vulnerability was named CVE-2025-15606 since 03/10/2026. The exploitation appears to be easy. The attack needs to approached within the local network. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.

Upgrading to version 4_250925 eliminates this vulnerability.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Vendor

• TP-Link

Name

• TD-W8961N

Version

• 4.0

License

• commercial

Website

• Vendor: https://www.tp-link.com/

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion