Multiple CSRF Vulnerabilities in TP-Link TL-WDR4300 by TP-Link
CVE-2013-4848

8.8HIGH

Key Information:

Vendor
Tp-link
Status
Tl-wdr4300 Firmware
Vendor
CVE Published:
25 October 2019

Summary

The TP-Link TL-WDR4300 version 3.13.31 is prone to multiple Cross-Site Request Forgery (CSRF) vulnerabilities. These vulnerabilities can allow an attacker to trick a user into executing unwanted actions on the router while authenticated. Exploiting these weaknesses could lead to unauthorized changes in the router's configuration, thereby compromising the device's integrity and the security of the network it serves. Users are encouraged to apply necessary updates and review configurations to enhance their security posture.

References

https://www.ise.io/casestudies/exploiting-soho-routers/
x_refsource_MISC
https://www.ise.io/soho_service_hacks/
x_refsource_MISC
https://www.ise.io/wp-content/uploads/2017/06/soho_defcon...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.