CVE-2019-12195

4.8MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-wr840n Firmware
Vendor: CVE Published:; 24 May 2019

Summary

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

References

https://www.tp-link.com/us/security

x_refsource_MISC

http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 24, 2019
Vulnerability Reserved
May 19, 2019