CVE-2025-25427 Information
Apr 19, 2025
cve
Description
A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 231119 Rel.67074n allows adjacent attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.
Reference
https://github.com/slin99/2025-25427 https://github.com/slin99/2025-25427/blob/master/readme.md https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware
Share on: