ID
VAR-201409-1257
TITLE
Multiple TP-LINK Router Input Validation Vulnerabilities
Trust: 0.6
DESCRIPTION
TP-Link is a well-known supplier of network and communication equipment. Multiple TP-LINK routers have request forgery, cross-site scripting, and HTML injection vulnerabilities due to insufficient filtering of user-supplied input. An attacker could exploit this vulnerability to perform certain unauthorized actions, execute arbitrary scripts or HTML code, or steal cookie-based authentication certificates in the affected site's uninformed user's browser. Other attacks are also possible
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | tp link | model: | routers | scope: | - | version: | - | Trust: 0.6 |
| vendor: | tp link | model: | tl-wr841nd build | scope: | eq | version: | 3.13.27121101 | Trust: 0.3 |
| vendor: | tp link | model: | tl-wr841n build | scope: | eq | version: | 3.13.27121101 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 69716 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2014-05708 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/69716/info | Trust: 0.6 |
| url: | http://www.tp-link.com/en/ | Trust: 0.3 |
CREDITS
smash
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2014-05708 |
| db: | BID | id: | 69716 |
LAST UPDATE DATE
2022-05-17T02:03:21.003000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-05708 | date: | 2014-09-15T00:00:00 |
| db: | BID | id: | 69716 | date: | 2014-06-30T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-05708 | date: | 2014-09-15T00:00:00 |
| db: | BID | id: | 69716 | date: | 2014-06-30T00:00:00 |