Cross-Site Scripting Vulnerability in TP-Link TL-WR840N Router
CVE-2019-12195

4.8MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-wr840n Firmware
Vendor: CVE Published:; 24 May 2019

Summary

The TP-Link TL-WR840N v5 00000005 router is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows attackers to manipulate the network name to execute malicious payloads. This may lead to disruption of internet connectivity, as all users connected to the router could be forcibly disconnected. An attacker must first compromise the router's login credentials and gain access to the administrative interface to exploit this vulnerability, highlighting significant security concerns for users of this device.

References

https://www.tp-link.com/us/security

x_refsource_MISC

http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 24, 2019
Vulnerability Reserved
May 19, 2019