Vulnerability Database

322,907

Total vulnerabilities in the database

CVE-2021-3275

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization.

Published: Mar 26, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-3275
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
tp-link / td-w9977_firmware	1_0.1.0_0.9.1_up_boot(161123)_2016-11-23_15.36.15	1_0.1.0_0.9.1_up_boot(161123)_2016-11-23_15.36.15.x
tp-link / tl-wa801nd_firmware	5_us_0.9.1_3.16_up_boot[170905-rel56404]	5_us_0.9.1_3.16_up_boot[170905-rel56404].x
tp-link / tl-wa801n_firmware	6_eu_0.9.1_3.16_up_boot[200116-rel61815]	6_eu_0.9.1_3.16_up_boot[200116-rel61815].x
tp-link / tl-wr802n_firmware	4_us_0.9.1_3.17_up_boot[200421-rel38950]	4_us_0.9.1_3.17_up_boot[200421-rel38950].x
tp-link / archer-c3150_firmware	2_170926	2_170926.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo