CVE-2021-3275


Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products, including Wi-Fi routers (wireless AC routers), access points, and ADSL + DSL gateways and routers. It affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through improper validation of the hostname. Some pages, including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm, use the vulnerable hostname function (setDefaultHostname()) without sanitization.


Published

2021-03-26T13:15:11.663

Last Modified

2024-11-21T06:21:11.943

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | tp-link | td-w9977_firmware | v1_0.1.0_0.9.1_up_boot\(161123\)_2016-11-23_15.36.15 | Yes |
| Hardware | tp-link | td-w9977 | - | No |
| Operating System | tp-link | tl-wa801nd_firmware | v5_us_0.9.1_3.16_up_boot\[170905-rel56404\] | Yes |
| Hardware | tp-link | tl-wa801nd | - | No |
| Operating System | tp-link | tl-wa801n_firmware | v6_eu_0.9.1_3.16_up_boot\[200116-rel61815\] | Yes |
| Hardware | tp-link | tl-wa801n | - | No |
| Operating System | tp-link | tl-wr802n_firmware | v4_us_0.9.1_3.17_up_boot\[200421-rel38950\] | Yes |
| Hardware | tp-link | tl-wr802n | - | No |
| Operating System | tp-link | archer-c3150_firmware | v2_170926 | Yes |
| Hardware | tp-link | archer-c3150 | - | No |
