Published:2025/07/24 Last Updated:2025/07/24
JVN#39913189
TP-Link Archer C1200 vulnerable to clickjacking
Overview
Archer C1200 provided by TP-Link Systems Inc. contains a clickjacking vulnerability.
Products Affected
- Archer C1200 version 1.1.5 and earlier
Description
Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability.
- Clickjacking (CWE-1021)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
- CVE-2025-6983
Impact
If a user views a malicious page while logged in to the management Web application, they may be tricked into clicking hidden UI elements, resulting in unintended operations.
Solution
Stop using the products and Switch to alternative products
The developer states that the affected products are no longer supported, and recommends to use alternative unaffected products.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Daimon Kawashima reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
|
| JVN iPedia |
JVNDB-2025-000052 |