Details of VAR-202603-3926

ID

VAR-202603-3926

CVE

CVE-2025-15606

TITLE

TP-LINK Technologies of TD-W8961ND Firmware Input Validation Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-009674

DESCRIPTION

A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition. httpd The service will crash. If the attack is successful, the service will be interrupted. DoS This may lead to a certain condition.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-15606 // JVNDB: JVNDB-2026-009674

AFFECTED PRODUCTS

vendor:	tp link	model:	td-w8961nd	scope:	lt	version:	250925	Trust: 1.0
vendor:	tp link	model:	td-w8961nd	scope:	eq	version:	td-w8961nd firmware 250925	Trust: 0.8
vendor:	tp link	model:	td-w8961nd	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	td-w8961nd	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-009674 // NVD: CVE-2025-15606

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2025-15606
value:	HIGH
Trust: 1.0
f23511db-6c3e-4e32-a477-6aa17d310630:	CVE-2025-15606
value:	HIGH
Trust: 1.0
NVD:	CVE-2025-15606
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2025-15606
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2025-15606
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-009674 // NVD: CVE-2025-15606 // NVD: CVE-2025-15606

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-009674 // NVD: CVE-2025-15606

PATCH

title:

Security Advisory on Denial-of-Service vulnerability in HTTPD Input Handling on TP-Link TD-W8961N (CVE-2025-15606)

url:

https://www.tp-link.com/us/support/faq/5028/

Trust: 0.8

sources: JVNDB: JVNDB-2026-009674

EXTERNAL IDS

db:	NVD	id:	CVE-2025-15606	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-009674	Trust: 0.8

sources: JVNDB: JVNDB-2026-009674 // NVD: CVE-2025-15606

REFERENCES

url:	https://www.tp-link.com/en/support/download/td-w8961n/v4/#firmware	Trust: 1.8
url:	https://www.tp-link.com/us/support/faq/5028/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-15606	Trust: 0.8

sources: JVNDB: JVNDB-2026-009674 // NVD: CVE-2025-15606

SOURCES

db:	JVNDB	id:	JVNDB-2026-009674
db:	NVD	id:	CVE-2025-15606

LAST UPDATE DATE

2026-04-03T23:42:49.188000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-009674	date:	2026-04-02T01:42:00
db:	NVD	id:	CVE-2025-15606	date:	2026-03-31T19:04:18.913

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-009674	date:	2026-04-02T00:00:00
db:	NVD	id:	CVE-2025-15606	date:	2026-03-23T19:16:38.867