CVE-2018-20372

Name of the Vulnerable Software and Affected Versions TP-Link TD-W8961ND (affected versions not specified)

Description The issue allows for cross-site scripting (XSS) attacks via the hostname of a DHCP client. This can be exploited by changing a device's hostname to an XSS payload, which will then be executed when browsing the list of connected devices by hostname in the router's web interface.

Recommendations For TP-Link TD-W8961ND devices, as a temporary workaround, consider restricting access to the web interface or avoiding browsing the list of connected devices by hostname until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.