TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html | Third Party Advisory VDB Entry |
https://www.tp-link.com/us/security | Vendor Advisory |
http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html | Third Party Advisory VDB Entry |
https://www.tp-link.com/us/security | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:22
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html - Third Party Advisory, VDB Entry | |
References | () https://www.tp-link.com/us/security - Vendor Advisory |
Information
Published : 2019-05-24 16:29
Updated : 2024-11-21 04:22
NVD link : CVE-2019-12195
Mitre link : CVE-2019-12195
CVE.ORG link : CVE-2019-12195
JSON object : View
Products Affected
tp-link
- tl-wr840n_firmware
- tl-wr840n
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')