Cross-Site Request Forgery Vulnerability in TP-Link Router
CVE-2018-15702

8.8HIGH

Key Information:

Vendor: Tp-link
Status: Tp-link Tl-wrn841n
Vendor: CVE Published:; 1 October 2018

Summary

The web interface of the TP-Link TL-WRN841N router is susceptible to Cross-Site Request Forgery due to a lack of proper validation of the referer field. This vulnerability can allow unauthorized commands to be executed on the device, potentially compromising the security and functionality of the affected router. It is crucial for users to implement measures to mitigate this risk and ensure their network remains secure.

Affected Version(s)

TP-Link TL-WRN841N Firmware versions 0.9.1 4.16 v0348.0 and below

References

https://www.tenable.com/security/research/tra-2018-27

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2018
Vulnerability Reserved
Aug 22, 2018