Details of VAR-201103-0382

ID

VAR-201103-0382

TITLE

TP-LINK TL-WR740N Router HTML Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2011-0963

DESCRIPTION

It sends 10 or more consecutive messages to the web console or UPnP port within 1 second, and the service becomes unresponsive. The TP-LINK TL-WR740N Router is a wireless router. A security vulnerability exists in the TP-LINK TL-WR740N Router. The TP-LINK TL-WR740N router does not filter user input data, which can lead to cross-site scripting attacks. Exploiting the HTML-injection issue may allow an attacker to execute HTML and script code in the context of the device, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible. Attackers can exploit the denial-of-service issue to make the affected device unresponsive, resulting in a denial-of-service condition. TL-WR740N 3.12.4 Build 100910 Rel.57694n and 3.11.7 Build 100603 Rel.56412n versions are vulnerable; other versions may also be affected

Trust: 1.35

sources: CNVD: CNVD-2011-0963 // CNVD: CNVD-2011-0962 // BID: 46738

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2011-0963 // CNVD: CNVD-2011-0962

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr740n build	scope:	eq	version:	3.11.7100603.	Trust: 1.5
vendor:	tp link	model:	tl-wr740n build	scope:	eq	version:	3.12.4100910.	Trust: 1.5

sources: CNVD: CNVD-2011-0963 // CNVD: CNVD-2011-0962 // BID: 46738

THREAT TYPE

network

Trust: 0.3

sources: BID: 46738

TYPE

Unknown

Trust: 0.3

sources: BID: 46738

EXTERNAL IDS

db:	BID	id:	46738	Trust: 1.5
db:	CNVD	id:	CNVD-2011-0963	Trust: 0.6
db:	CNVD	id:	CNVD-2011-0962	Trust: 0.6

sources: CNVD: CNVD-2011-0963 // CNVD: CNVD-2011-0962 // BID: 46738

REFERENCES

url:	http://www.securityfocus.com/archive/1/516863	Trust: 1.2
url:	http://www.tp-link.com/products/productdetails.asp?pmodel=tl-wr740n	Trust: 0.3
url:	/archive/1/516863	Trust: 0.3

sources: CNVD: CNVD-2011-0963 // CNVD: CNVD-2011-0962 // BID: 46738

CREDITS

Ewerson Guimaraes aka Crash. DcLabs Security Research Group

Trust: 0.3

sources: BID: 46738

SOURCES

db:	CNVD	id:	CNVD-2011-0963
db:	CNVD	id:	CNVD-2011-0962
db:	BID	id:	46738

LAST UPDATE DATE

2022-05-17T01:41:36.728000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-0963	date:	2011-03-08T00:00:00
db:	CNVD	id:	CNVD-2011-0962	date:	2011-03-08T00:00:00
db:	BID	id:	46738	date:	2011-03-04T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-0963	date:	2011-03-08T00:00:00
db:	CNVD	id:	CNVD-2011-0962	date:	2011-03-08T00:00:00
db:	BID	id:	46738	date:	2011-03-04T00:00:00