| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 21 Sep 2014 23:44:24 GMT From: ozelisyan@...il.com To: bugtraq@...urityfocus.com Subject: TP-LINK WDR4300 - Stored XSS & DoS Advisory Information =============== Vendors Contacted: TP-LINK Vendor Patched: Yes, Firmware 140916 System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others. Versions Affected: 130617 , possibly earlier CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728 Vulnerabilities Description =================== # Stored XSS - It is possible inject javascript code via DHCP hostname field, If the administrator will visit the dhcp clients page (web panel) the script will execute. # DoS (web server) - Denial of service condition to the device web server, remotely or locally send the device a "GET" request with an extra "Header" with a long value (A x 3000 times). Proof of Concept: ============ http://elisyan.com/tplink/wdr4300.html http://elisyan.com/tplink/wdr4300.py Report Timeline: =========== 2014-07-04: Vendor notified about the vulnerabilities with all the relevant technical information. 2013-09-16: Vendor released a fix. Credits: ====== The Vulnerabilities was discovered by Oz Elisyan. References: ======== http://www.tp-link.com/lk/products/details/?model=TL-WDR4300
Powered by blists - more mailing lists