Message-ID: <AAF01196463D4348B07BEA8EF813B23333DEC998@ATL1EX02.corp.secureworks.net>
Date: Wed, 7 Jan 2015 22:11:42 +0000
From: Sean Wright <swright@...ureworks.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)

Classification: //Dell SecureWorks/Confidential - Limited External Distribution:

############################################################################
# * Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
# * Advisory ID: SWRX-2015-001
# * Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/
# * Date published: Wednesday, January 7, 2015
# * CVE: CVE-2014-9510
# * CVSS v2 base score: 9.3
# * Date of last update: Wednesday, January 7, 2015
# * Vendors contacted: TP-Link
# * Release mode: Coordinated
# * Discovered by: Sean Wright, Dell SecureWorks
############################################################################

Summary:
TP-Link is a primary provider of networking equipment and wireless products
for small and home offices as well as for small to midsized businesses.
TL-WR840N is a combination wired/wireless router specifically targeted to
small business and home office networking environments. The router's web
administration console contains a cross-site request forgery (CSRF)
vulnerability that allows threat actors to import their own configuration to
the router. An attack could alter any configuration setting on the device.
----------------------------------------------------------------------------
Affected products:
This vulnerability affects TP-Link TL-WR840N v1 (firmware 3.13.27, build
140714 and prior).
----------------------------------------------------------------------------
Vendor information, solutions, and workarounds:
TL-WR840N users should upgrade the router's firmware to 3.13.27, build
141120 or later.
----------------------------------------------------------------------------
Details:
The TP-Link TL-WR840N router provides a web administration console that
enables the device owner to change the router's configuration. The
administration console includes an option to import an existing configuration
from a binary file, but this feature is vulnerable to CSRF attacks. A threat
actor could use social engineering to trick a victim into visiting a malicious
web page that exploits the CSRF vulnerability and imports a malicious
configuration file via the router's web administration console. The attacker
could change any settings on the router, including the firewall settings and
the router's remote administration capabilities. If the device owner has not
changed the default username and password, then the attack would not require
the victim to log into the router's web administration console.
----------------------------------------------------------------------------
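The root cause described above is a state-changing import endpoint that accepts any well-formed POST, regardless of where the request came from. The following is an added example, not code from the advisory, from Dell SecureWorks, or from TP-Link's firmware: it models how a configuration-import handler can refuse cross-site requests by requiring a per-session synchronizer token and checking the Origin/Referer header against the console's own origin. The admin origin (192.168.0.1), the form field names (csrf_token, config), the key=value configuration format and the session structure are all constructed assumptions for this example.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumed origin of the router's web administration console (constructed value).
ADMIN_ORIGIN = "http://192.168.0.1"


def issue_csrf_token(session_id: str, secret: bytes) -> str:
    """Derive a per-session synchronizer token.

    The console embeds this token as a hidden field in the import form; a page on
    another origin cannot read it, so it cannot forge a valid import request.
    """
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_allowed(headers: dict) -> bool:
    """Accept the request only if Origin (or, failing that, Referer) is the console itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        # A state-changing request with no origin information is refused outright.
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ADMIN_ORIGIN


def parse_config(blob: str) -> dict:
    """Parse the assumed key=value configuration format; raise on malformed lines."""
    settings = {}
    for raw in blob.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {line!r}")
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def handle_config_import(headers: dict, form: dict, session: dict, secret: bytes):
    """Return (status, reason, settings). Settings is None unless every check passed."""
    if not session.get("authenticated"):
        return 401, "login required", None
    if not _origin_allowed(headers):
        return 403, "cross-origin request refused", None
    expected = issue_csrf_token(session["id"], secret)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so token validation does not leak timing information.
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token", None
    blob = form.get("config")
    if blob is None:
        return 400, "no configuration file supplied", None
    try:
        settings = parse_config(blob)
    except ValueError as exc:
        return 400, str(exc), None
    return 200, "configuration accepted", settings


if __name__ == "__main__":
    secret = b"constructed-example-secret"
    session = {"id": "session-1", "authenticated": True}
    token = issue_csrf_token(session["id"], secret)
    sample_config = "wan_mode=dhcp\nremote_mgmt=off\n"
    # Legitimate import from the console's own page.
    print(handle_config_import({"Origin": ADMIN_ORIGIN},
                               {"csrf_token": token, "config": sample_config},
                               session, secret))
    # Same form fields but submitted from another origin (the CSRF case).
    print(handle_config_import({"Origin": "http://other.example"},
                               {"csrf_token": "", "config": sample_config},
                               session, secret))
```

Both checks matter: the token defeats a forged form even when the browser attaches the victim's session, and the origin check catches requests that never went through the console at all. Neither check helps while the device still accepts its default credentials, which is why the firmware update and a changed password go together.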




_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
