CWE
79
Advisory Published
Updated

CVE-2019-12195: XSS

First published: Fri May 24 2019(Updated: )

TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Tp-link Tl-wr840n Firmware=0.9.1_3.16
TP-LINK TL-WR840N=5.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2019-12195?

    CVE-2019-12195 is a vulnerability that allows XSS (Cross-Site Scripting) attacks on TP-Link TL-WR840N v5 00000005 devices.

  • What is the severity of CVE-2019-12195?

    The severity of CVE-2019-12195 is medium with a severity value of 4.8.

  • How does CVE-2019-12195 work?

    An attacker can log into the router by breaking the password and go to the admin login page to obtain the network name, then use an XSS payload to change the network name automatically.

  • How can I mitigate CVE-2019-12195?

    To mitigate CVE-2019-12195, it is recommended to update the TP-Link TL-WR840N firmware to version 0.9.1_3.16 or above.

  • Where can I find more information about CVE-2019-12195?

    More information about CVE-2019-12195 can be found at the following references: [Packetstorm Security](http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html) and [TP-Link Security Advisory](https://www.tp-link.com/us/security).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203