0 Results Found
              Back To Results
                Advisories

                TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)

                Dell SecureWorks Security Advisory SWRX-2015-001

                Advisory Information

                • Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
                • Advisory ID: SWRX-2015-001
                • Date published: Wednesday, January 7, 2015
                • CVE: CVE-2014-9510
                • CVSS v2 base score: 9.3
                • Date of last update: Wednesday, January 7, 2015
                • Vendors contacted: TP-Link
                • Release mode: Coordinated
                • Discovered by: Sean Wright, Dell SecureWorks

                Summary

                TP-Link is a primary provider of networking equipment and wireless products for small and home offices as well as for small to midsized businesses. TL-WR840N is a combination wired/wireless router specifically targeted to small business and home office networking environments. The router's web administration console contains a cross-site request forgery (CSRF) vulnerability that allows threat actors to import their own configuration to the router. An attack could alter any configuration setting on the device.

                Download the PDF: SWRX-2015-001


                PGP Signature

                Related Content