Cross-Site Scripting Vulnerabilities in TP-LINK TL-WR841N Router
CVE-2012-6316

Currently unrated

Key Information:

Vendor: Tp-link
Status: Tl-wr841n Firmware; Tl-wr841n
Vendor: CVE Published:; 30 September 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the TP-LINK TL-WR841N router, specifically in firmware versions 3.13.9 Build 120201 Rel.54965n and earlier. These vulnerabilities allow remote administrators to inject arbitrary web scripts or HTML through the 'username' and 'pwd' parameters in the userRpm/NoipDdnsRpm.htm interface. This can lead to unauthorized access and manipulation of the router's settings, underscoring the importance of firmware updates to mitigate such risks.

References

http://www.securityfocus.com/bid/56602

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2012/Dec/93

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Sep 30, 2014
Vulnerability Reserved
Dec 6, 2012