CVE-2020-14965

4.8MEDIUM

Key Information:

Vendor: Tp-link
Status: Tl-wr740n Firmware
Vendor: CVE Published:; 23 June 2020

Badges

👾 Exploit Exists🟡 Public PoC

Summary

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-14965
Created by g-rubert

References

https://github.com/g-rubert/CVE-2020-14965

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Jun 23, 2020
👾
Exploit known to exist
Jun 23, 2020
Vulnerability published
Jun 23, 2020
Vulnerability Reserved
Jun 22, 2020