Search criteria
2 vulnerabilities found for TL-WR720NMbps Wireless N Router by Tp-link
CVE-2018-25321 (GCVE-0-2018-25321)
Vulnerability from nvd – Published: 2026-05-17 12:11 – Updated: 2026-05-26 11:51
VLAI
Title
TP-Link TL-WR720N CSRF via Administrative Interfaces (firmware V1_130719)
Summary
TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44335 | exploit |
| https://www.tp-link.com/ | product |
| https://static.tp-link.com/resources/software/TL-… | product |
| https://www.vulncheck.com/advisories/tp-link-tl-w… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tp-link | TL-WR720NMbps Wireless N Router |
Affected:
V1_130719
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25321",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T16:43:05.000492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T17:52:30.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-WR720NMbps Wireless N Router",
"vendor": "Tp-link",
"versions": [
{
"status": "affected",
"version": "V1_130719"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mans van Someren"
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:51:35.665Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44335",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44335"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.tp-link.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://static.tp-link.com/resources/software/TL-WR720N_V1_130719.zip"
},
{
"name": "VulnCheck Advisory: TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/tp-link-tl-wr720n-all-versions-csrf-via-administrative-interfaces"
}
],
"title": "TP-Link TL-WR720N CSRF via Administrative Interfaces (firmware V1_130719)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25321",
"datePublished": "2026-05-17T12:11:28.176Z",
"dateReserved": "2026-05-17T11:36:55.327Z",
"dateUpdated": "2026-05-26T11:51:35.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25321 (GCVE-0-2018-25321)
Vulnerability from cvelistv5 – Published: 2026-05-17 12:11 – Updated: 2026-05-26 11:51
VLAI
Title
TP-Link TL-WR720N CSRF via Administrative Interfaces (firmware V1_130719)
Summary
TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44335 | exploit |
| https://www.tp-link.com/ | product |
| https://static.tp-link.com/resources/software/TL-… | product |
| https://www.vulncheck.com/advisories/tp-link-tl-w… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tp-link | TL-WR720NMbps Wireless N Router |
Affected:
V1_130719
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25321",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T16:43:05.000492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T17:52:30.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-WR720NMbps Wireless N Router",
"vendor": "Tp-link",
"versions": [
{
"status": "affected",
"version": "V1_130719"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mans van Someren"
}
],
"descriptions": [
{
"lang": "en",
"value": "TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:51:35.665Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44335",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44335"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.tp-link.com/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://static.tp-link.com/resources/software/TL-WR720N_V1_130719.zip"
},
{
"name": "VulnCheck Advisory: TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/tp-link-tl-wr720n-all-versions-csrf-via-administrative-interfaces"
}
],
"title": "TP-Link TL-WR720N CSRF via Administrative Interfaces (firmware V1_130719)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25321",
"datePublished": "2026-05-17T12:11:28.176Z",
"dateReserved": "2026-05-17T11:36:55.327Z",
"dateUpdated": "2026-05-26T11:51:35.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}