Sign-up

ID

VAR-201302-0512


TITLE

Multiple Cross-Site Request Forgery Vulnerabilities in TP-LINK TL-WR2543ND Management Panel

Trust: 0.6

sources: CNVD: CNVD-2013-01044

DESCRIPTION

The TP-LINK TL-WR2543ND is a wireless router device. TP-LINK TL-WR2543ND has multiple cross-site request forgery vulnerabilities, which allows an attacker to exploit a vulnerability to construct a malicious URI, entice a user to resolve, and perform malicious operations in the target user context. TP-LINK TL-WR2543ND is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. Exploiting these issues may allow a remote attacker to change a device's configuration and perform other unauthorized actions. TP-LINK TL-WR2543ND 3.13.6 Build 110923 is vulnerable; other versions may also be affected

Trust: 0.81

sources: CNVD: CNVD-2013-01044 // BID: 57877

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-01044

AFFECTED PRODUCTS

vendor:tp linkmodel:tl-wr2543ndscope: - version: -

Trust: 0.6

vendor:tp linkmodel:tl-wr2543nd buildscope:eqversion:3.13.6110923

Trust: 0.3

sources: CNVD: CNVD-2013-01044 // BID: 57877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-345

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201302-345

EXTERNAL IDS

db:BIDid:57877

Trust: 1.5

db:CNVDid:CNVD-2013-01044

Trust: 0.6

db:CNNVDid:CNNVD-201302-345

Trust: 0.6

sources: CNVD: CNVD-2013-01044 // BID: 57877 // CNNVD: CNNVD-201302-345

REFERENCES

url:http://www.securityfocus.com/bid/57877

Trust: 1.2

url:http://packetstorm.foofus.com/1302-exploits/tplink-xsrf.pdf

Trust: 0.3

url:http://www.tp-link.com/us/products/details/?model=tl-wr2543nd

Trust: 0.3

url:http://www.tp-link.com/en/

Trust: 0.3

sources: CNVD: CNVD-2013-01044 // BID: 57877 // CNNVD: CNNVD-201302-345

CREDITS

Juan Manuel Garcia

Trust: 0.9

sources: BID: 57877 // CNNVD: CNNVD-201302-345

SOURCES

db:CNVDid:CNVD-2013-01044
db:BIDid:57877
db:CNNVDid:CNNVD-201302-345

LAST UPDATE DATE

2022-05-17T01:43:25.715000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-01044date:2013-02-19T00:00:00
db:BIDid:57877date:2013-02-08T00:00:00
db:CNNVDid:CNNVD-201302-345date:2013-02-22T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-01044date:2013-02-19T00:00:00
db:BIDid:57877date:2013-02-08T00:00:00
db:CNNVDid:CNNVD-201302-345date:2013-02-22T00:00:00