VYPR
Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Jul 1, 2025

XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page

CVE-2025-25427

Description

A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • TP-Link/Tl Wr841nllm-fuzzy2 versions
    <= v14.8 Build 241230 Rel. 50788n+ 1 more
    • (no CPE)range: <= v14.8 Build 241230 Rel. 50788n
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.