CVE-2019-12195

MEDIUM

TP-Link TL-WR840N v5 00000005 - Stored Cross-Site Scripting via Network Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-12195. PoCs published by purnendu ghosh.

AI-analyzed exploit summary: This is a writeup describing a Cross-Site Scripting (XSS) vulnerability in TP-Link TL-WR840N v5 routers. The exploit involves changing the network name via XSS payload, leading to disconnection of users from the internet.

Description

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

Exploits (1)

exploitdb WRITEUP
by purnendu ghosh · text · webapps · hardware
https://www.exploit-db.com/exploits/46882

Classification: Writeup 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Theoretical
Target: TP-Link TL-WR840N v5 00000005 with firmware 0.9.1 3.16 v0001.0 Build 171211 Rel.58800n
Auth required
Prerequisites: Access to router admin credentials (via brute-force or other means) · Burp Suite for intercepting and modifying requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory x_refsource_misc
https://www.tp-link.com/us/security

Scores

CVSS v3 4.8
EPSS 0.0179
EPSS Percentile 75.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
tp-link/tl-wr840n_firmware 0.9.1_3.16
Published May 24, 2019
Tracked Since Feb 18, 2026