ID
VAR-E-201203-0121
EDB ID
36945
TITLE
TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection. CVE-80038 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | tp link | model: | tl-wr740n | scope: | eq | version: | 111130 | Trust: 1.9 |
EXPLOIT
source: https://www.securityfocus.com/bid/52424/info
TP-LINK TL-WR740N is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or script code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
TP-LINK TL-WR740N 111130 is vulnerable; other versions may also be affected.
1. Go to http://www.example.com/maintenance/tools_test.htm
2. make ping like </textarea><script>prompt(2)</script>
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
'ping_addr' HTML Injection
Trust: 1.0
CREDITS
l20ot
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 36945 | Trust: 1.9 |
| db: | BID | id: | 52424 | Trust: 1.9 |
| db: | EDBNET | id: | 58227 | Trust: 0.6 |
REFERENCES
| url: | https://www.securityfocus.com/bid/52424/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/36945/ | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/36945 | Trust: 0.3 |
| url: | http://www.tp-link.com/en/support/download/?model=tl-wr740n | Trust: 0.3 |
SOURCES
| db: | BID | id: | 52424 |
| db: | EXPLOIT-DB | id: | 36945 |
| db: | EDBNET | id: | 58227 |
LAST UPDATE DATE
2022-07-27T09:45:25.394000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 52424 | date: | 2012-03-12T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 52424 | date: | 2012-03-12T00:00:00 |
| db: | EXPLOIT-DB | id: | 36945 | date: | 2012-03-12T00:00:00 |
| db: | EDBNET | id: | 58227 | date: | 2012-03-12T00:00:00 |