CVE-2018-25321 MEDIUM

CVE-2018-25321: TP-Link TL-WR720N CSRF via Administrative Interfaces (firmware V1_130719)

Vendor Tp-Link
Product TL-WR720NMbps Wireless N Router
Weakness CWE-352 · CSRF
Published May 17, 2026
Last update May 26, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.

Key dates

02Disclosure timeline

May 17, 2026 CVE published
May 26, 2026 Record updated