CVE-2019-12195

EPSS 0.45%
Veröffentlicht 24.05.2019 16:29:00
Zuletzt bearbeitet 21.11.2024 04:22:24
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tp-link ≫ Tl-wr840n Firmware Version0.9.1_3.16

Tp-link ≫ Tl-wr840n Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.63

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html

Third Party Advisory

VDB Entry

https://www.tp-link.com/us/security

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12195

EUVD