Justus W. Perlwitz found and helped mitigate the following vulnerabilities.
CVE-2025-9014
A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service. This issue affects TL-WR841N v14: before 250908.
Sources
- Conference talk at TenguCon 2.0 on 2025-11-21:
  - “QEMU and AFL++ fuzzing for MIPS-based networking equipment - Justus Wilhelm Perlwitz” on www.youtube.com, uploaded 2026-01-15
  - Talk slides (PDF)
- CVE Record Information: “Null Pointer Dereference Vulnerability on TL-WR841N” on www.cve.org, published 2026-01-15
- TP-Link (Vendor):
  - “Security Advisory on Null pointer Dereference Vulnerability on TP-Link TL-WR841N (CVE-2025-9014)” on www.tp-link.com, updated 2026-01-15
  - “TP-Link TL-WR841NにおけるNULLポインタデリファレンスの脆弱性について(CVE-2025-9014)” on www.tp-link.com, updated 2026-01-15
JVN#83788689
Sensitive information may be accessed from process memory (CVE-2015-1548)
Justus W. Perlwitz of JWP Consulting reported this vulnerability to BUFFALO INC. and coordinated.
After the coordination was completed, BUFFALO INC. reported the case to JPCERT/CC to notify users of the solution through JVN.
Sources
- Buffalo (Vendor): “一部ネットワーク商品における複数の脆弱性とその対処方法(JVN#83788689)” on www.buffalo.jp, published 2026-03-23
- Japan Vulnerability Notes (JVN):
  - “バッファロー製Wi-Fiルータにおける複数の脆弱性” on jvn.jp/jp/, published 2026-03-27
  - “Multiple vulnerabilities in BUFFALO Wi-Fi routers” on jvn.jp/en/, published 2026-03-27
- ScanNetSecurity publication: “バッファロー製 Wi-Fi ルータに複数の脆弱性” on scan.netsecurity.ne.jp, published 2026-04-02
CVE-2025-41725
JBL: DoS vulnerability in Flip 4
The Bluetooth Classic implementation on JBL Flip 4 devices with firmware versions prior to 4.1.0 does not properly handle malformed LMP messages and causes the entire device to crash. Any attacker in radio range can exploit this vulnerability.
Sources
- CNA (CERT@VDE): “JBL: DoS vulnerability in Flip 4” on certvde.com, published 2026-02-18