Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9510

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2014-9510
Last Modified 12 Jan 2015 08:49:29
Published 09 Jan 2015 01:59:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9510

Summary

Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.

Vulnerable Systems

Operating System

  • Tp-link Tl-wr840n Firmware 3.13.27


References

CONFIRM - http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1

BID - 71913

MISC - http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/

FULLDISC - 20150107 CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)


Last Updated: 27 May 2016 11:07:30