Sign-up

ID

VAR-201304-0462


TITLE

TP-Link TD-8817 Router Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-02874 // CNNVD: CNNVD-201304-116

DESCRIPTION

The TP-Link TD-8817 is an ADSL router device. TP-Link TD-8817 has a cross-site request forgery vulnerability that allows an attacker to build a malicious URI, entice a user to resolve, and perform arbitrary operations in the target user context, such as changing the administrator password. TP-LINK TD-8817 is an ADSL2 + Ethernet / USB demodulator router. A cross-site request forgery vulnerability exists in TP-LINK TD-8817 Router. An attacker could use this vulnerability to perform certain management operations and gain unauthorized access to the affected device

Trust: 1.35

sources: CNVD: CNVD-2013-02874 // CNNVD: CNNVD-201304-116 // BID: 58921

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-02874

AFFECTED PRODUCTS

vendor:tp linkmodel:td-8817 buildscope:eqversion:6.0.1111128

Trust: 0.6

vendor:tp linkmodel:td-8817 build rel.267scope:eqversion:6.0.1111128

Trust: 0.3

sources: CNVD: CNVD-2013-02874 // BID: 58921

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-02874
value: LOW

Trust: 0.6

CNVD: CNVD-2013-02874
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-02874

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-116

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201304-116

EXTERNAL IDS

db:BIDid:58921

Trust: 1.5

db:PACKETSTORMid:121127

Trust: 0.6

db:CNVDid:CNVD-2013-02874

Trust: 0.6

db:CNNVDid:CNNVD-201304-116

Trust: 0.6

sources: CNVD: CNVD-2013-02874 // BID: 58921 // CNNVD: CNNVD-201304-116

REFERENCES

url:http://packetstormsecurity.com/files/121127/tp-link-td-8817-cross-site-request-forgery.html

Trust: 0.6

url:http://www.securityfocus.com/bid/58921

Trust: 0.6

url:http://www.tp-link.com/lk/products/details/?model=td-8817

Trust: 0.3

url:http://www.tp-link.com/

Trust: 0.3

sources: CNVD: CNVD-2013-02874 // BID: 58921 // CNNVD: CNNVD-201304-116

CREDITS

Un0wn_X

Trust: 0.9

sources: BID: 58921 // CNNVD: CNNVD-201304-116

SOURCES

db:CNVDid:CNVD-2013-02874
db:BIDid:58921
db:CNNVDid:CNNVD-201304-116

LAST UPDATE DATE

2022-05-17T01:55:57.620000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-02874date:2013-05-16T00:00:00
db:BIDid:58921date:2013-04-06T00:00:00
db:CNNVDid:CNNVD-201304-116date:2015-04-30T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-02874date:2013-04-10T00:00:00
db:BIDid:58921date:2013-04-06T00:00:00
db:CNNVDid:CNNVD-201304-116date:2013-04-12T00:00:00