ID
VAR-E-201501-0445
CVE
| cve_id: | CVE-2014-9510 | Trust: 0.3 |
TITLE
TP-Link TL-WR840N 'Import Configuration' Option Cross Site Request Forgery Vulnerability
Trust: 0.3
DESCRIPTION
TP-Link TL-WR840N is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests.
An attacker can exploit this issue to perform certain unauthorized administrative actions. Other attacks are also possible.
TP-Link TL-WR840N Router running firmware 3.13.27 Build 140714 and prior are vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | tp link | model: | tl-wr840n build | scope: | eq | version: | v13.13.27140714 | Trust: 0.3 |
| vendor: | tp link | model: | tl-wr840n | scope: | eq | version: | v13.13.27 | Trust: 0.3 |
| vendor: | tp link | model: | tl-wr840n build | scope: | ne | version: | v13.13.27141120 | Trust: 0.3 |
EXPLOIT
To exploit this issue an attacker must entice a user into visiting a malicious site.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Sean Wright, Dell SecureWorks
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2014-9510 | Trust: 0.3 |
| db: | BID | id: | 71913 | Trust: 0.3 |
REFERENCES
| url: | http://www.tp-link.com/en/ | Trust: 0.3 |
| url: | http://www.secureworks.com/advisories/swrx-2015-001/swrx-2015-001.pdf | Trust: 0.3 |
SOURCES
| db: | BID | id: | 71913 |
LAST UPDATE DATE
2022-07-27T09:27:23.569000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 71913 | date: | 2015-01-07T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 71913 | date: | 2015-01-07T00:00:00 |