Description
TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.
Exploits (1)
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.tp-link.com/us/security
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html
Scores
CVSS v3
4.8
EPSS
0.0045
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
tp-link/tl-wr840n_firmware
0.9.1_3.16
Published
May 24, 2019
Tracked Since
Feb 18, 2026