Details of VAR-202601-4272

ID

VAR-202601-4272

CVE

CVE-2025-9014

TITLE

TP-LINK Technologies of TL-WR841N Multiple vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-002490

DESCRIPTION

A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service.This issue affects TL-WR841N v14: before 250908. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-9014 // JVNDB: JVNDB-2026-002490

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr841n	scope:	lt	version:	250908	Trust: 1.0
vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	tl-wr841n firmware 250908	Trust: 0.8
vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr841n	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-002490 // NVD: CVE-2025-9014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-9014
value:	HIGH
Trust: 1.0
f23511db-6c3e-4e32-a477-6aa17d310630:	CVE-2025-9014
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2025-9014
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2025-9014
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2025-9014
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-002490 // NVD: CVE-2025-9014 // NVD: CVE-2025-9014

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-476	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	NULL Pointer dereference (CWE-476) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-002490 // NVD: CVE-2025-9014

PATCH

title:

Security Advisory on Null pointer Dereference Vulnerability on TP-Link TL-WR841N (CVE-2025-9014)

url:

https://www.tp-link.com/us/support/faq/4894/

Trust: 0.8

sources: JVNDB: JVNDB-2026-002490

EXTERNAL IDS

db:	NVD	id:	CVE-2025-9014	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-002490	Trust: 0.8

sources: JVNDB: JVNDB-2026-002490 // NVD: CVE-2025-9014

REFERENCES

url:	https://www.tp-link.com/jp/support/download/tl-wr841n/#firmware	Trust: 1.8
url:	https://www.tp-link.com/us/support/download/tl-wr841n/#firmware	Trust: 1.8
url:	https://www.tp-link.com/en/support/download/tl-wr841n/#firmware	Trust: 1.8
url:	https://www.tp-link.com/us/support/faq/4894/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-9014	Trust: 0.8

sources: JVNDB: JVNDB-2026-002490 // NVD: CVE-2025-9014

SOURCES

db:	JVNDB	id:	JVNDB-2026-002490
db:	NVD	id:	CVE-2025-9014

LAST UPDATE DATE

2026-02-05T16:16:31.382000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-002490	date:	2026-02-02T10:39:00
db:	NVD	id:	CVE-2025-9014	date:	2026-01-30T20:42:05.277

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-002490	date:	2026-02-02T00:00:00
db:	NVD	id:	CVE-2025-9014	date:	2026-01-15T18:16:38.100