CVE-2018-25321

medium

Published 2026-05-17 · Modified 2026-05-18

CVSS v3

4.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v2

—

VIR risk

4.3

Description

TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.

Predictions

Exploit likelihood

53%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

https://static.tp-link.com/resources/software/TL-WR720N_V1_130719.zip
https://www.exploit-db.com/exploits/44335
https://www.tp-link.com/
https://www.vulncheck.com/advisories/tp-link-tl-wr720n-all-versions-csrf-via-administrative-interfaces

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.