0 Results Found
            Back To Results
              Advisory

              TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)

              Dell SecureWorks Security Advisory SWRX-2015-001

              Advisory Information

              • Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
              • Advisory ID: SWRX-2015-001
              • Date published: Wednesday, January 7, 2015
              • CVE: CVE-2014-9510
              • CVSS v2 base score: 9.3
              • Date of last update: Wednesday, January 7, 2015
              • Vendors contacted: TP-Link
              • Release mode: Coordinated
              • Discovered by: Sean Wright, Dell SecureWorks

              Summary

              TP-Link is a primary provider of networking equipment and wireless products for small and home offices as well as for small to midsized businesses. TL-WR840N is a combination wired/wireless router specifically targeted to small business and home office networking environments. The router's web administration console contains a cross-site request forgery (CSRF) vulnerability that allows threat actors to import their own configuration to the router. An attack could alter any configuration setting on the device.

              Download the PDF: SWRX-2015-001


              PGP Signature

              Related Content