ID
VAR-201401-0734
TITLE
TP-Link TD-W8951ND Firmware Unauthorized Download Password Disclosure Vulnerability
Trust: 0.6
sources:
CNVD: CNVD-2014-00459
DESCRIPTION
The TP-Link TD-W8951ND is a wireless router product. The TP-Link TD-W8951ND series router products can access the Firmware/Romfile Upgrade of the router panel without authentication. There is an unauthorized access security vulnerability in the implementation. The remote attacker can use this vulnerability to download the router configuration file and obtain management through the decompression software. Password, which in turn performs unauthorized administrator operations. It is also possible to perform a phishing attack.
Trust: 0.6
sources:
CNVD: CNVD-2014-00459
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00459
AFFECTED PRODUCTS
| vendor: | tp link | model: | td-w8951nd router | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00459
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2014-00459
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2014-00459 | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00459
REFERENCES
| url: | http://securityaffairs.co/wordpress/21293/hacking/tp-link-routers-vulnerable.html | Trust: 0.6 |
| url: | http://rootatnasro.wordpress.com/2014/01/11/how-i-saved-your-a-from-the-zynos-rom-0-attack-full-disclosure/ | Trust: 0.6 |
sources:
CNVD: CNVD-2014-00459
SOURCES
| db: | CNVD | id: | CNVD-2014-00459 |
LAST UPDATE DATE
2022-05-04T10:16:39.573000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-00459 | date: | 2014-01-21T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-00459 | date: | 2014-01-21T00:00:00 |