[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <201409212344.s8LNiOrH020092@sf01web2.securityfocus.com>
Date: Sun, 21 Sep 2014 23:44:24 GMT
From: ozelisyan@...il.com
To: bugtraq@...urityfocus.com
Subject: TP-LINK WDR4300 - Stored XSS & DoS
Advisory Information
===============
Vendors Contacted: TP-LINK
Vendor Patched: Yes, Firmware 140916
System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others.
Versions Affected: 130617 , possibly earlier
CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728
Vulnerabilities Description
===================
# Stored XSS -
It is possible inject javascript code via DHCP hostname field,
If the administrator will visit the dhcp clients page (web panel)
the script will execute.
# DoS (web server) -
Denial of service condition to the device web server, remotely or locally send the
device a "GET" request with an extra "Header" with a long value (A x 3000 times).
Proof of Concept:
============
http://elisyan.com/tplink/wdr4300.html
http://elisyan.com/tplink/wdr4300.py
Report Timeline:
===========
2014-07-04:
Vendor notified about the vulnerabilities with all the relevant technical information.
2013-09-16:
Vendor released a fix.
Credits:
======
The Vulnerabilities was discovered by Oz Elisyan.
References:
========
http://www.tp-link.com/lk/products/details/?model=TL-WDR4300
Powered by blists - more mailing lists