CVE-2019-12195

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tp-link:tl-wr840n_firmware:0.9.1_3.16:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr840n:5.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:22

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry
References () https://www.tp-link.com/us/security - Vendor Advisory () https://www.tp-link.com/us/security - Vendor Advisory

Information

Published : 2019-05-24 16:29

Updated : 2024-11-21 04:22


NVD link : CVE-2019-12195

Mitre link : CVE-2019-12195

CVE.ORG link : CVE-2019-12195


JSON object : View

Products Affected

tp-link

  • tl-wr840n_firmware
  • tl-wr840n
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')