1 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 3

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) almacenado no autenticado en múltiples productos de TP-Link, incluyendo WIFI Routers (enrutadores Wireless AC), Access Points, ADSL + DSL Gateways and Routers, que afectan a dispositivos TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, y Archer C3150v2, por medio de la comprobación inapropiada del nombre de host. Algunas de las páginas, incluyendo dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, y qsReview.htm, usan esta función vulnerable de nombre de host (setDefaultHostname()) sin saneamiento. Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/161989/TP-Link-Cross-Site-Scripting.html https://github.com/smriti548/CVE/blob/main/CVE-2021-3275 https://seclists.org/fulldisclosure/2021/Mar/67 https://www.tp-link.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •