Matan Azugi

**Name of the Vulnerable Software and Affected Versions** TP-LINK TL-WR841N router versions 3.13.9 Build 120201 Rel.54965n and earlier **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote administrators to inject arbitrary web script or HTML via the `username` or `pwd` parameter to the "userRpm/NoipDdnsRpm.htm" endpoint. **Recommendations** For TP-LINK TL-WR841N router versions 3.13.9 Build 120201 Rel.54965n and earlier, avoid using the `username` and `pwd` parameters in the "userRpm/NoipDdnsRpm.htm" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-LINK TL-WR841N router versions 3.13.9 build 120201 Rel.54965n and earlier **Description** The issue allows remote attackers to read arbitrary files via the URL parameter in the web-based management interface. **Recommendations** For TP-LINK TL-WR841N router versions 3.13.9 build 120201 Rel.54965n and earlier, consider restricting access to the web-based management interface until a fix is available. Avoid using the vulnerable URL parameter in the web-based management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.