EIP-2026-102058

This is a detailed technical writeup describing an unauthenticated stored XSS vulnerability in multiple TP-Link devices. The vulnerability arises from improper validation of the hostname parameter in functions like setDefaultHostname(), allowing malicious scripts to execute when displayed in various web interface pages.