Vulnerability Description
TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr720N Firmware | <= v1_130719 |
| Tp-Link | Tl-Wr720N | - |
Related Weaknesses (CWE)
References
- https://static.tp-link.com/resources/software/TL-WR720N_V1_130719.zipProduct
- https://www.exploit-db.com/exploits/44335ExploitThird Party AdvisoryVDB Entry
- https://www.tp-link.com/Product
- https://www.vulncheck.com/advisories/tp-link-tl-wr720n-all-versions-csrf-via-admThird Party Advisory
FAQ
What is CVE-2018-25321?
CVE-2018-25321 is a vulnerability with a CVSS score of 4.3 (MEDIUM). TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers...
How severe is CVE-2018-25321?
CVE-2018-25321 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25321?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr720N Firmware, Tp-Link Tl-Wr720N.