Advisory

TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)

Dell SecureWorks Security Advisory SWRX-2015-001

Advisory Information

  • Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
  • Advisory ID: SWRX-2015-001
  • Date published: Wednesday, January 7, 2015
  • CVE: CVE-2014-9510
  • CVSS v2 base score: 9.3
  • Date of last update: Wednesday, January 7, 2015
  • Vendors contacted: TP-Link
  • Release mode: Coordinated
  • Discovered by: Sean Wright, Dell SecureWorks

Summary

TP-Link is a primary provider of networking equipment and wireless products for small and home offices as well as for small to midsized businesses. TL-WR840N is a combination wired/wireless router specifically targeted to small business and home office networking environments. The router's web administration console contains a cross-site request forgery (CSRF) vulnerability that allows threat actors to import their own configuration to the router. An attack could alter any configuration setting on the device.

Download the PDF: SWRX-2015-001

PGP Signature

Back to more Threat Analyses and Advisories

TRY TAEGIS TODAY!

See for yourself: Request your demo to see how Taegis can reduce risk, optimize existing security investments, and fill talent gaps.