Unrated severityNVD Advisory· Published Apr 18, 2025· Updated Jul 1, 2025
XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page
CVE-2025-25427
Description
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.