CVE-2024-2188 MEDIUM

CVE-2024-2188: Cross-Site Scripting vulnerability in TP-Link Archer AX50

Vendor Tp-Link

Product Archer AX50

Weakness CWE-79 · XSS

Published March 5, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.

Key dates

02Disclosure timeline

March 5, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2188 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-5539 Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2019-25403 Comodo Dome Firewall 2.7.0 Stored Cross-Site Scripting via admin_profiles CVE-2025-40632 Cross-site scripting (XSS) vulnerability in IceWarp Mail Server CVE-2025-24771 WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-58266 WordPress Gianism plugin <= 6.0.0 - Cross Site Scripting (XSS) vulnerability