CVE-2025-25427

Stored XSS vulnerability CVE-2025-25427 in TP-Link WR841N web interface (upnp.htm) allows injection of arbitrary JavaScript via the port mapping description. Impact: payload executes when the upnp page loads. Affected: WR841N v14/v14.6/v14.8

TP-LINK TL-WR841N 安全漏洞

TP-LINK TL-WR841N is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR841N v14/v14.6/v14.8 Build 241230 Rel. 50788n and prior versions, which originates from the presence of stored cross-site scripting on the upnp.htm page, which could lead to the executio...

PT-2025-17247 · Tp Link · Tp-Link Wr841N

Name of the Vulnerable Software and Affected Versions: TP-Link WR841N versions v14/v14.6/v14.8 = Build 241230 Rel. 50788n TP-Link WR841N version = 4.19 Description: A stored cross-site scripting XSS vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N allows remote attackers ...

CVE-2018-15875

Cross-site scripting XSS vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request...