PT-2019-12691 · Tp Link · Tp-Link Tl-Wr840N

Published: 2019-05-24 · Updated: 2019-05-29 · CVE-2019-12195

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR840N version 5 00000005

Description: The issue allows for cross-site scripting (XSS) attacks via the network name. An attacker must first gain access to the router by cracking the password and logging into the admin page. Once access is gained, an XSS payload can be used to automatically change the network name, resulting in the disconnection of the internet connection for all users.

Recommendations: For TP-Link TL-WR840N version 5 00000005, consider changing the default password to a strong and unique one to prevent unauthorized access, and avoid using the network name field for any potentially malicious input until a fix is available. As a temporary workaround, restrict access to the admin login page to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-12195

Affected Products

Tp-Link Tl-Wr840N