Advisories

TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)

Dell SecureWorks Security Advisory SWRX-2015-001 Wednesday, January 7, 2015

Advisory Information

Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
Advisory ID: SWRX-2015-001
Date published: Wednesday, January 7, 2015
CVE: CVE-2014-9510
CVSS v2 base score: 9.3
Date of last update: Wednesday, January 7, 2015
Vendors contacted: TP-Link
Release mode: Coordinated
Discovered by: Sean Wright, Dell SecureWorks

Summary

TP-Link is a primary provider of networking equipment and wireless products for small and home offices as well as for small to midsized businesses. TL-WR840N is a combination wired/wireless router specifically targeted to small business and home office networking environments. The router's web administration console contains a cross-site request forgery (CSRF) vulnerability that allows threat actors to import their own configuration to the router. An attack could alter any configuration setting on the device.

Download the PDF: SWRX-2015-001

PGP Signature

TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)

Advisory Information

Summary

Related Content

LV Ransomware

USAID-Themed Phishing Campaign Leverages U.S. Elections Lure

Counter Threat Unit Researchers Publish Threat Group Definitions