Affected Vendors This Week
- TP-Link: 5 CVEs (5 high severity)
- Netgear: 3 CVEs (2 high severity)
- Linksys: 3 CVEs (0 high severity)
- OpenWrt / DD-WRT: 2 CVEs (0 high severity)
- ASUS: 1 CVE (0 high severity)
- Palo Alto Networks: 1 CVE (0 high severity)
This week brought 13 new router CVEs, with 7 rated as high severity. A cluster of input validation flaws in TP-Link consumer routers dominates the advisory landscape, while older Netgear and Linksys models continue to reveal authenticated command injection risks.
TP-Link Input Validation Flaws — Immediate Attention Required
TP-Link has disclosed five high-severity vulnerabilities (CVSS 7.5 each) affecting the popular TL-WR841N V11 model, with one also impacting the TL-WR842ND v2 and TL-WR494N v3. All five issues stem from missing input parameter validation in web administration pages:
- CVE-2025-53711: /userRpm/WlanNetworkRpm.htm (affects TL-WR841N v11, TL-WR842ND v2, TL-WR494N v3)
- CVE-2025-53712: /userRpm/WlanNetworkRpm_AP.htm (TL-WR841N V11)
- CVE-2025-53713: /userRpm/WlanNetworkRpm_APC.htm (TL-WR841N V11)
- CVE-2025-53714: /userRpm/WzdWlanSiteSurveyRpm_AP.htm (TL-WR841N V11)
- CVE-2025-53715: /userRpm/Wan6to4TunnelCfgRpm.htm (TL-WR841N V11)
These vulnerabilities can lead to buffer overflow conditions and potentially allow authenticated attackers to execute arbitrary code. If you manage any of these models in your network, check TP-Link's support pages immediately for patched firmware versions and schedule updates as soon as testing permits.
Netgear DGN Series: Authenticated Command Injection
Two high-severity authenticated OS command injection flaws were disclosed in Netgear routers:
- CVE-2013-10060 (CVSS 7.2): Affects DGN2200B firmware 1.0.0.36 and earlier via the pppoe.cgi endpoint
- CVE-2013-10061 (CVSS 7.2): Affects DGN1000B firmware 1.1.00.24 and 1.1.00.45 via the TimeToLive parameter in setup.cgi
While these require an authenticated session, they represent significant risk in environments where administrative credentials may be weak or shared. Verify your DGN series firmware versions and confirm patches are available; many older Netgear models have reached end-of-life.
Linksys and Legacy OpenWrt: Lower-Severity But Persistent
Three Linksys vulnerabilities were tracked, though rated with lower severity scores:
- CVE-2013-10058 (CVSS 8.6): Authenticated OS command injection in WRT160Nv2 (v2.0.03)
- CVE-2013-10062 (CVSS 6.9): Directory traversal in E1500 (firmware 1.0.00–1.0.05) via apply.cgi
- CVE-2014-125122 (CVSS 5.3): Stack-based buffer overflow in WRT120N's tmUnblock.cgi
These are primarily legacy devices; however, many remain in production. If any are still deployed, prioritize replacement or firmware hardening.
Other Vendors
CVE-2013-10063 affects Netgear's SPH200D Skype phone (not a traditional router) via path traversal. CVE-2025-6398 (ASUS) and CVE-2025-2179 (Palo Alto Networks GlobalProtect) are outside typical router scope but may be relevant to enterprise network device inventories.
Recommended Actions
- Prioritize firmware updates for all TP-Link TL-WR841N, TL-WR842ND, and TL-WR494N devices
- Audit DGN series Netgear router firmware versions and seek patches or replacements
- Review administrative access controls on all legacy models
- Check RouterCVE for device-specific patch availability and EOL status
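As an added example (not part of this advisory or of RouterCVE), the following Python script checks a device inventory against the affected models and firmware versions listed above. The hostnames and firmware strings in SAMPLE_INVENTORY are constructed, and comparing firmware as dotted numeric components is an assumption about vendor version numbering.

```python
def parse_version(v):
    """'1.0.0.36' -> (1, 0, 0, 36), zero-padded to four numeric components so that
    '1.0.00' and '1.0.0.36' compare as numbers, not strings."""
    parts = [int("".join(c for c in p if c.isdigit()) or 0) for p in v.split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])

# Firmware predicates mirroring the advisory wording: "X and earlier", "X and Y", "X-Y".
def at_most(v):
    return lambda fw: parse_version(fw) <= parse_version(v)
def one_of(*vs):
    return lambda fw: parse_version(fw) in {parse_version(x) for x in vs}
def between(lo, hi):
    return lambda fw: parse_version(lo) <= parse_version(fw) <= parse_version(hi)
def any_fw(fw):
    return True  # advisory gives no firmware range; match on model and hardware revision only

# (vendor, model, hardware revision or None, firmware predicate, CVEs), taken from the advisory.
RULES = [
    ("TP-Link", "TL-WR841N", "v11", any_fw, ["CVE-2025-53711", "CVE-2025-53712",
     "CVE-2025-53713", "CVE-2025-53714", "CVE-2025-53715"]),
    ("TP-Link", "TL-WR842ND", "v2", any_fw, ["CVE-2025-53711"]),
    ("TP-Link", "TL-WR494N", "v3", any_fw, ["CVE-2025-53711"]),
    ("Netgear", "DGN2200B", None, at_most("1.0.0.36"), ["CVE-2013-10060"]),
    ("Netgear", "DGN1000B", None, one_of("1.1.00.24", "1.1.00.45"), ["CVE-2013-10061"]),
    ("Linksys", "WRT160N", "v2", one_of("2.0.03"), ["CVE-2013-10058"]),
    ("Linksys", "E1500", None, between("1.0.00", "1.0.05"), ["CVE-2013-10062"]),
    ("Linksys", "WRT120N", None, any_fw, ["CVE-2014-125122"]),
]

def matching_cves(vendor, model, hw_rev, firmware):
    """CVEs from this week's list that apply to one inventory row (case-insensitive)."""
    hits = []
    for r_vendor, r_model, r_hw, applies, cves in RULES:
        if (r_vendor.lower(), r_model.lower()) != (vendor.lower(), model.lower()):
            continue
        if r_hw is not None and (hw_rev or "").lower() != r_hw.lower():
            continue
        if applies(firmware):
            hits.extend(cves)
    return hits

def audit(inventory):
    """Map hostname -> applicable CVEs; devices with no match are omitted."""
    hits = {d["host"]: matching_cves(d["vendor"], d["model"], d.get("hw_rev"), d["firmware"]) for d in inventory}
    return {host: cves for host, cves in hits.items() if cves}

# Constructed sample inventory: hostnames and firmware strings are made up for this demo.
SAMPLE_INVENTORY = [
    {"host": "branch-rtr-1", "vendor": "TP-Link", "model": "TL-WR841N", "hw_rev": "v11", "firmware": "n/a"},
    {"host": "branch-rtr-2", "vendor": "TP-Link", "model": "TL-WR841N", "hw_rev": "v14", "firmware": "n/a"},
    {"host": "dsl-gw-1", "vendor": "Netgear", "model": "DGN2200B", "firmware": "1.0.0.36"},
    {"host": "dsl-gw-2", "vendor": "Netgear", "model": "DGN2200B", "firmware": "1.0.0.40"},
    {"host": "lab-ap-1", "vendor": "Linksys", "model": "E1500", "firmware": "1.0.04"},
]
```

Running `audit(SAMPLE_INVENTORY)` flags branch-rtr-1, dsl-gw-1 and lab-ap-1 and leaves the v14 and 1.0.0.40 devices out, so the same rule table can be pointed at a real export from an asset database.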