Vulnerability Details CVE-2016-10719
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2016-10719
-
cpe:2.3:h:tp-link:archer_cr700:-
-
cpe:2.3:o:tp-link:archer_cr700_firmware:1.0.6