Description
The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
CVSS breakdown
CVSS 4.0
Attack Vector
Adjacent
Attack Complexity
Low
Attack Requirements
Present
Privileges Required
None
User Interaction
Passive
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
Low
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- TP-Link Systems Inc. / Archer C20 v50 – US_V5_260419
- TP-Link Systems Inc. / Archer C20 v50 – EU_V5_260317
- TP-Link Systems Inc. / Archer C20 v60 – 0.9.1 4.19 v0001.0 Build 250630 Rel.56583n
- TP-Link Systems Inc. / Archer MR200 v5.20 – 1.2.0 Build 250917 Rel.51746
- TP-Link Systems Inc. / TL-WR845N v40 – 0.9.1 3.19 Build 251031 rel33710
- TP-Link Systems Inc. / TL-WR850N v30 – 3.16.0 0.9.1 v6031.0 Build 251205 Rel.22089n
References
- MISChttps://www.tp-link.com/en/support/download/archer-mr200/v5.20/#Firmware
- MISChttps://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware
- MISChttps://www.tp-link.com/in/support/download/tl-wr850n/#Firmware
- MISChttps://www.tp-link.com/en/support/download/tl-wr845n/#Firmware
- MISChttps://www.tp-link.com/in/support/download/archer-mr200/v5.20/#Firmware
- MISChttps://www.tp-link.com/in/support/download/archer-c20/v6/#Firmware
- MISChttps://www.tp-link.com/in/support/download/tl-wr845n/#Firmware
- MISChttps://www.tp-link.com/us/support/faq/4948/
- MISChttps://www.tp-link.com/us/support/download/archer-c20/v5/#Firmware
- MISChttps://www.tp-link.com/en/support/download/archer-c20/v5/#Firmware