CVE-2012-6316
TP-LINK TL-WR841N Firmware < 3.13.9 - Cross-Site Scripting via Username or Password Parameter
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56602
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Dec/93
Scores
EPSS
0.0025
EPSS Percentile
48.5%
Details
CWE
CWE-79
Status
published
Products (2)
tp-link/tl-wr841n
tp-link/tl-wr841n_firmware
< 3.13.9
Published
Sep 30, 2014
Tracked Since
Feb 18, 2026