Published: 24/05/2019 Updated: 29/05/2019

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7

VMScore: 355

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link tl-wr840n_firmware 0.9.1_3.16

# Exploit Title: TL-WR840N v5 00000005 # Date: 5/10/2019 # Exploit Author: purnendu ghosh # Vendor Homepage: wwwtp-linkcom/ # Software Link: wwwamazonin/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q # Category: Hardware # Firmware Version:091 316 v00010 Build 171211 Rel58800n # Hardware Version:TL-WR840N ...

CWE-79 https://www.tp-link.com/us/security http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html https://nvd.nist.gov https://www.exploit-db.com/exploits/46882

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-12195

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect