ID
VAR-E-201401-0464
TITLE
Multiple TP-Link Routers Multiple Cross Site Request Forgery and HTML Injection Vulnerabilities
Trust: 0.3
DESCRIPTION
Multiple TP-Link Routers are prone to multiple cross-site request-forgery and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | tp link | model: | tl-wr340gd build r | scope: | eq | version: | 4.3.7090901 | Trust: 0.3 |
| vendor: | tp link | model: | tl-wr340g build r | scope: | eq | version: | 4.3.7090901 | Trust: 0.3 |
EXPLOIT
Attackers can exploit these issues using browser. To exploit the cross-site request-forgery vulnerabilities, the attacker must entice an unsuspecting victim to visit a specially-crafted webpage.
The following example data is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/69717.txt">/data/vulnerabilities/exploits/69717.txt</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
smash
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 69717 | Trust: 0.3 |
REFERENCES
| url: | http://www.tp-link.com/en/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 69717 |
LAST UPDATE DATE
2022-07-27T09:42:47.031000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 69717 | date: | 2014-01-07T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 69717 | date: | 2014-01-07T00:00:00 |