CVE-2025-15606
Published: 23 March 2026
Summary
CVE-2025-15606 is a high-severity Improper Input Validation (CWE-20) vulnerability in Tp-Link Td-W8961Nd Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 23.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces validation of HTTP inputs in the httpd service to block crafted requests that trigger processing errors due to improper input sanitization.
Provides denial-of-service protections specifically designed to limit the effects of crafted requests causing httpd service crashes.
Requires timely application of firmware updates to remediate the known input sanitization flaw in the TP-Link TD-W8961N v4.0 httpd component.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated crafted HTTP requests to httpd directly enable T1190 (public-facing web management interface) and T1499.004 (application exploitation causing service crash/DoS).
NVD Description
A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause…
more
service interruption, resulting in a DoS condition.
Deeper analysisAI
CVE-2025-15606 is a Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 router, published on 2026-03-23. The issue arises from improper input sanitization (CWE-20), which allows crafted HTTP requests to trigger a processing error that crashes the httpd service. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.
Remote attackers can exploit this vulnerability over the network without authentication, privileges, or user interaction, using low-complexity crafted requests. Successful exploitation causes the httpd service to crash, leading to service interruption and a DoS condition that disrupts web-based management access and potentially related functionalities.
TP-Link offers mitigation through firmware updates available at https://www.tp-link.com/en/support/download/td-w8961n/v4/#Firmware, along with supporting information in their FAQ at https://www.tp-link.com/us/support/faq/5028/. Practitioners should verify and apply the latest firmware to affected TD-W8961N v4.0 devices.
Details
- CWE(s)