CVE-2021-3275: XSS
First published: Fri Mar 26 2021(Updated: )
Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tp-link Td-w9977 Firmware | =v1_0.1.0_0.9.1_up_boot\(161123\)_2016-11-23_15.36.15 | |
| Tp-link Td-w9977 | ||
| Tp-link Tl-wa801nd Firmware | =v5_us_0.9.1_3.16_up_boot\[170905-rel56404\] | |
| Tp-link Tl-wa801nd | ||
| Tp-link Tl-wa801n Firmware | =v6_eu_0.9.1_3.16_up_boot\[200116-rel61815\] | |
| TP-LINK TL-WA801N | ||
| Tp-link Tl-wr802n Firmware | =v4_us_0.9.1_3.17_up_boot\[200421-rel38950\] | |
| TP-Link TL-WR802N | ||
| Tp-link Archer-c3150 Firmware | =v2_170926 | |
| Tp-link Archer-c3150 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3275?
CVE-2021-3275 is an unauthenticated stored cross-site scripting (XSS) vulnerability that exists in multiple TP-Link products.
Which TP-Link products are affected by CVE-2021-3275?
CVE-2021-3275 affects TP-Link WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, including TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices.
What is the severity of CVE-2021-3275?
CVE-2021-3275 has a severity rating of 6.1, which is considered medium.
How does CVE-2021-3275 affect TP-Link products?
CVE-2021-3275 allows for unauthenticated stored cross-site scripting (XSS) attacks on affected TP-Link products.
Are there any references for CVE-2021-3275?
Yes, you can find more information about CVE-2021-3275 at the following references: [1] [2] [3]
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/tp-link
- canonical/tp-link td-w9977 firmware
- version/tp-link td-w9977 firmware/v1_0.1.0_0.9.1_up_boot\(161123\)_2016-11-23_15.36.15
- canonical/tp-link td-w9977
- canonical/tp-link tl-wa801nd firmware
- version/tp-link tl-wa801nd firmware/v5_us_0.9.1_3.16_up_boot\[170905-rel56404\]
- canonical/tp-link tl-wa801nd
- canonical/tp-link tl-wa801n firmware
- version/tp-link tl-wa801n firmware/v6_eu_0.9.1_3.16_up_boot\[200116-rel61815\]
- canonical/tp-link tl-wa801n
- canonical/tp-link tl-wr802n firmware
- version/tp-link tl-wr802n firmware/v4_us_0.9.1_3.17_up_boot\[200421-rel38950\]
- canonical/tp-link tl-wr802n
- canonical/tp-link archer-c3150 firmware
- version/tp-link archer-c3150 firmware/v2_170926
- canonical/tp-link archer-c3150