Cross-Site Request Forgery Vulnerability in TP-Link TL-WR841N
CVE-2018-12574

8.8HIGH

Key Information:

Vendor: Tp-link
Status: Tl-wr841n Firmware
Vendor: CVE Published:; 2 July 2018

What is CVE-2018-12574?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the web interface of TP-Link TL-WR841N devices. This flaw allows unauthorized actions to be performed by an attacker if the user is authenticated in the web interface, potentially compromising the security of the device and the network. Users are advised to implement protective measures such as changing default credentials and ensuring firmware is up to date.

References

https://software-talk.org/blog/2018/06/tplink-wr841n-csrf...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2018
Vulnerability Reserved
Jun 19, 2018

Tp-link

What is CVE-2018-12574?

References

CVSS V3.1

Timeline