Sign-up

ID

VAR-E-201406-0360


TITLE

Multiple TP-Link Routers Multiple Input Validation Vulnerabilities

Trust: 0.3

sources: BID: 69716

DESCRIPTION

Multiple TP-Link Routers are prone to multiple cross-site request-forgery, cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit these vulnerabilities to perform certain unauthorized actions, execute arbitrary script or HTML code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials. Other attacks are also possible.

Trust: 0.3

sources: BID: 69716

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr841nd buildscope:eqversion:3.13.27121101

Trust: 0.3

vendor:tp linkmodel:tl-wr841n buildscope:eqversion:3.13.27121101

Trust: 0.3

sources: BID: 69716

EXPLOIT

An attacker can exploit these issue through a browser. To exploit cross-site scripting and cross-site request forgery issues an attacker must trick an unsuspecting victim into following a malicious URI.
The following example data is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/69716.txt">/data/vulnerabilities/exploits/69716.txt</a></li>

Trust: 0.3

sources: BID: 69716

PRICE

Free

Trust: 0.3

sources: BID: 69716

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 69716

CREDITS

smash

Trust: 0.3

sources: BID: 69716

EXTERNAL IDS

db:BIDid:69716

Trust: 0.3

sources: BID: 69716

REFERENCES

url:http://www.tp-link.com/en/

Trust: 0.3

sources: BID: 69716

SOURCES

db:BIDid:69716

LAST UPDATE DATE

2022-07-27T09:54:18.964000+00:00


SOURCES UPDATE DATE

db:BIDid:69716date:2014-06-30T00:00:00

SOURCES RELEASE DATE

db:BIDid:69716date:2014-06-30T00:00:00