CVE-2012-6316

Name of the Vulnerable Software and Affected Versions TP-LINK TL-WR841N router versions 3.13.9 Build 120201 Rel.54965n and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote administrators to inject arbitrary web script or HTML via the username or pwd parameter to the "userRpm/NoipDdnsRpm.htm" endpoint.

Recommendations For TP-LINK TL-WR841N router versions 3.13.9 Build 120201 Rel.54965n and earlier, avoid using the username and pwd parameters in the "userRpm/NoipDdnsRpm.htm" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.