Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31199
HistoryOct 14, 2014 - 12:00 a.m.

TP-LINK WDR4300 - Stored XSS & DoS

2014-10-1400:00:00
vulners.com
52

Advisory Information

Vendors Contacted: TP-LINK
Vendor Patched: Yes, Firmware 140916
System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others.
Versions Affected: 130617 , possibly earlier
CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728

Vulnerabilities Description

Stored XSS -

It is possible inject javascript code via DHCP hostname field,
If the administrator will visit the dhcp clients page (web panel)
the script will execute.

DoS (web server) -

Denial of service condition to the device web server, remotely or locally send the
device a "GET" request with an extra "Header" with a long value (A x 3000 times).

Proof of Concept:

http://elisyan.com/tplink/wdr4300.html
http://elisyan.com/tplink/wdr4300.py

Report Timeline:

2014-07-04:
Vendor notified about the vulnerabilities with all the relevant technical information.

2013-09-16:
Vendor released a fix.

Credits:

The Vulnerabilities was discovered by Oz Elisyan.

References:

http://www.tp-link.com/lk/products/details/?model=TL-WDR4300

Related for SECURITYVULNS:DOC:31199