TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces

Advisories

TP-Link TL-WR720N All Versions CSRF via Administrative Interfaces

severity: medium
date: 5/17/2026
Affecting: TL-WR720NMbps Wireless N Router <= V1_130719
CVE: CVE-2018-25321
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
CVSS: 5.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
References: ExploitDB-44335
Official Product Homepage
Product Reference
Credit: Mans van Someren
Description: TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attackers can modify port forwarding rules via VirtualServerRpm.htm or change WiFi security settings via WlanSecurityRpm.htm by tricking authenticated users into visiting attacker-controlled pages.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo