XSS Vulnerability in TP-LINK N750 Wireless Dual Band Gigabit Router
CVE-2014-4727

Currently unrated

Key Information:

Vendor: Tp-link
Status: Tl-wdr4300 Firmware; Tl-wdr4300
Vendor: CVE Published:; 30 September 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the DHCP clients page of the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300). When exploited, this flaw allows remote attackers to inject arbitrary web scripts or HTML into the device's management interface via the hostname field in a DHCP request. This could lead to unauthorized access and control over the router, jeopardizing the security of the entire network.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/96139

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/533501/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/533499/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 30, 2014
Vulnerability Reserved
Jul 8, 2014