Advisory Information
- Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
- Advisory ID: SWRX-2015-001
- Date published: Wednesday, January 7, 2015
- CVE: CVE-2014-9510
- CVSS v2 base score: 9.3
- Date of last update: Wednesday, January 7, 2015
- Vendors contacted: TP-Link
- Release mode: Coordinated
- Discovered by: Sean Wright, Dell SecureWorks

Summary
TP-Link is a primary provider of networking equipment and wireless products for small and home offices as well as for small to midsized businesses. TL-WR840N is a combination wired/wireless router specifically targeted to small business and home office networking environments. The router's web administration console contains a cross-site request forgery (CSRF) vulnerability that allows threat actors to import their own configuration to the router. An attack could alter any configuration setting on the device.