TP-Link · TP-Link WR841N · CVE-2025-25427
**Name of the Vulnerable Software and Affected Versions**
TP-Link WR841N versions v14/v14.6/v14.8 <= Build 241230 Rel. 50788n
TP-Link WR841N version <= 4.19
**Description**
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web interface in TP-Link WR841N allows remote attackers to inject arbitrary JavaScript code via the port mapping description. The injected JavaScript executes when the upnp page is loaded.
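The flaw class described above, shown as an added example that is not TP-Link firmware code: a stored port mapping description concatenated into a table row, next to a row renderer that HTML-encodes every field, plus a store-time allowlist. All function names, the mapping object shape, and the 64-character allowlist policy are assumptions made for illustration.

```javascript
// Added example: hypothetical rendering code, not taken from the router firmware.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding for HTML text and quoted attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Store-time defence in depth (assumed policy): small allowlist, max 64 chars.
function sanitizeDescription(desc) {
  return String(desc).replace(/[^A-Za-z0-9 ._:()\/-]/g, "").slice(0, 64);
}

// Vulnerable pattern: the stored description reaches the page as markup.
function renderRowUnsafe(m) {
  return "<tr><td>" + m.description + "</td><td>" + m.externalPort + "</td></tr>";
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderRowSafe(m) {
  return "<tr><td>" + escapeHtml(m.description) + "</td><td>" +
         escapeHtml(m.externalPort) + "</td></tr>";
}

// Constructed sample entries (not captured from a device).
const SAMPLE_MAPPINGS = [
  { description: "Game console (UDP)", externalPort: 3074 },
  { description: "<script>alert(1)</script>", externalPort: 8080 },
];

// Render each sample both ways and show what the allowlist would store.
function demo() {
  return SAMPLE_MAPPINGS.map((m) => ({
    unsafe: renderRowUnsafe(m),
    safe: renderRowSafe(m),
    stored: sanitizeDescription(m.description),
  }));
}

console.log(demo());
```

Encoding at output time is the primary control because it also covers entries stored before any input filter existed; the allowlist only reduces what can be stored going forward.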
**Recommendations**
For TP-Link WR841N versions v14/v14.6/v14.8 <= Build 241230 Rel. 50788n, consider disabling the upnp.htm page until a patch is available.
For TP-Link WR841N version <= 4.19, restrict access to the upnp page to minimize the risk of exploitation.
As a temporary workaround, avoid using the port mapping description in the affected API endpoint until the issue is resolved.