CVE-2018-25321
Last modified
CVE-2018-25321 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr720n Firmware | <= v1_130719 |
References
- https://www.exploit-db.com/exploits/44335Exploit, Third Party Advisory, VDB Entry
- https://www.tp-link.com/Product
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2018-25321?
How severe is CVE-2018-25321?
How do I fix CVE-2018-25321?
Are you affected by CVE-2018-25321?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST