CVE-2019-12195 — MEDIUM (4.8)

Vulnerability Description

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Tp-Link	Tl-Wr840N Firmware	0.9.1_3.16
Tp-Link	Tl-Wr840N	5.0

Related Weaknesses (CWE)

CWE-79

References

http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-ScriptiThird Party AdvisoryVDB Entry
https://www.tp-link.com/us/securityVendor Advisory
http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-ScriptiThird Party AdvisoryVDB Entry
https://www.tp-link.com/us/securityVendor Advisory

FAQ

What is CVE-2019-12195?

CVE-2019-12195 is a vulnerability with a CVSS score of 4.8 (MEDIUM). TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network n...

How severe is CVE-2019-12195?

CVE-2019-12195 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-12195?

Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr840N Firmware, Tp-Link Tl-Wr840N.