CVE-2018-25321
TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.
| CWE | CWE-352 |
| Vendor | tp-link |
| Product | tl-wr720nmbps wireless n router |
| Published | May 17, 2026 |
| Last Updated | May 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for tp-link tl-wr720nmbps wireless n router
Be the first to know when new medium vulnerabilities affecting tp-link tl-wr720nmbps wireless n router are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
Tp-link / TL-WR720NMbps Wireless N Router
V1_130719
References
exploit-db.com: https://www.exploit-db.com/exploits/44335 tp-link.com: https://www.tp-link.com/ static.tp-link.com: https://static.tp-link.com/resources/software/TL-WR720N_V1_130719.zip vulncheck.com: https://www.vulncheck.com/advisories/tp-link-tl-wr720n-all-versions-csrf-via-administrative-interfaces
Credits
Mans van Someren