JVNDB-2025-000052

[Japanese]
JVNDB-2025-000052
TP-Link Archer C1200 vulnerable to clickjacking
Overview
Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking (CWE-1021) - CVE-2025-6983 Daimon Kawashima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 4.3 (Medium) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality Impact: None Integrity Impact: Low Availability Impact: None
Affected Products

TP-Link Systems Inc. Archer C1200 version 1.1.5 and earlier

Impact
If a user views a malicious page while logged in to the management Web application, they may be tricked into clicking hidden UI elements, resulting in unintended operations.
Solution
[Stop using the products and Switch to alternative products] The developer states that the affected products are no longer supported, and recommends to use alternative unaffected products.
Vendor Information
TP-Link Systems Inc. TP-Link Systems Inc. : Statement on Clickjacking vulnerability on the management web application of TP-Link Archer C1200 (CVE-2025-6983) TP-Link Systems Inc. : Archer C1200 discontinued (in Japanese)
CWE (What is CWE?)
No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2025-6983
References
JVN : JVN#39913189
Revision History
[2025/07/24] Web page was published

TP-Link Archer C1200 vulnerable to clickjacking