var-201501-0652
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. The TP-Link TL-WR840N is a wireless router device. An attacker could exploit this vulnerability to perform certain unauthorized actions. Other attacks are also possible. TP-Link TL-WR840N Router running firmware 3.13.27 Build 140714 and prior are vulnerable. Classification: //Dell SecureWorks/Confidential - Limited External Distribution:
* Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery
(CSRF)
* Advisory ID: SWRX-2015-001
* Advisory URL:
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-00 1/
* Date published: Wednesday, January 7, 2015
* CVE: CVE-2014-9510
* CVSS v2 base score: 9.3
* Date of last update: Wednesday, January 7, 2015
* Vendors contacted: TP-Link
* Release mode: Coordinated
* Discovered by: Sean Wright, Dell SecureWorks
Summary: TP-Link is a primary provider of networking equipment and wireless products for small and home offices as well as for small to midsized businesses. TL-WR840N is a combination wired/wireless router specifically targeted to small business and home office networking environments. An attack could alter any configuration setting on the device.
Vendor information, solutions, and workarounds: TL-WR840N users should upgrade the router's firmware to 3.13.27, build 141120 or later.
Details: The TP-Link TL-WR840N router provides a web administration console that enables the device owner to change the router's configuration. The administration console includes an option to import an existing configuration from a binary file, but this feature is vulnerable to CSRF attacks. A threat actor could use social engineering to trick a victim into visiting a malicious web page that exploits the CSRF vulnerability and imports a malicious configuration file via the router's web administration console. The attacker could change any settings on the router, including the firewall settings and the router's remote administration capabilities. If the device owner has not changed the default username and password, then the attack would not require the victim to log into the router's web administration console.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0652",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tl-wr840n",
"scope": "eq",
"trust": 1.6,
"vendor": "tp link",
"version": "3.13.27"
},
{
"model": "tl-wr840n",
"scope": null,
"trust": 0.8,
"vendor": "tp link",
"version": null
},
{
"model": "tl-wr840n",
"scope": "lt",
"trust": 0.8,
"vendor": "tp link",
"version": "3.13.27 build 141120"
},
{
"model": "tl-wr840n build",
"scope": "lte",
"trust": 0.6,
"vendor": "tp link",
"version": "\u003c=3.13.27140714"
},
{
"model": "tl-wr840n build",
"scope": "eq",
"trust": 0.3,
"vendor": "tp link",
"version": "v13.13.27140714"
},
{
"model": "tl-wr840n",
"scope": "eq",
"trust": 0.3,
"vendor": "tp link",
"version": "v13.13.27"
},
{
"model": "tl-wr840n build",
"scope": "ne",
"trust": 0.3,
"vendor": "tp link",
"version": "v13.13.27141120"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "BID",
"id": "71913"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
},
{
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:tp-link:tl-wr840n",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:tl-wr840n_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sean Wright, Dell SecureWorks",
"sources": [
{
"db": "BID",
"id": "71913"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
}
],
"trust": 0.9
},
"cve": "CVE-2014-9510",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-9510",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-00188",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-77455",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9510",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-9510",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00188",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-184",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-77455",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "VULHUB",
"id": "VHN-77455"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
},
{
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import. The TP-Link TL-WR840N is a wireless router device. An attacker could exploit this vulnerability to perform certain unauthorized actions. Other attacks are also possible. \nTP-Link TL-WR840N Router running firmware 3.13.27 Build 140714 and prior are vulnerable. Classification: //Dell SecureWorks/Confidential - Limited External\nDistribution:\n\n############################################################################\n# * Title: TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery\n(CSRF)\n# * Advisory ID: SWRX-2015-001\n# * Advisory URL:\nhttp://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-00\n1/\n# * Date published: Wednesday, January 7, 2015\n# * CVE: CVE-2014-9510\n# * CVSS v2 base score: 9.3\n# * Date of last update: Wednesday, January 7, 2015\n# * Vendors contacted: TP-Link\n# * Release mode: Coordinated\n# * Discovered by: Sean Wright, Dell SecureWorks\n############################################################################\n\nSummary:\nTP-Link is a primary provider of networking equipment and wireless products\nfor small and home offices as well as for small to midsized businesses. \nTL-WR840N is a combination wired/wireless router specifically targeted to\nsmall business and home office networking environments. An attack could alter any configuration setting on the device. \n----------------------------------------------------------------------------\nVendor information, solutions, and workarounds:\nTL-WR840N users should upgrade the router\u0027s firmware to 3.13.27, build\n141120 or later. \n----------------------------------------------------------------------------\nDetails:\nThe TP-Link TL-WR840N router provides a web administration console that\nenables the device owner to\nchange the router\u0027s configuration. The administration console includes an\noption to import an existing\nconfiguration from a binary file, but this feature is vulnerable to CSRF\nattacks. A threat actor could use\nsocial engineering to trick a victim into visiting a malicious web page that\nexploits the CSRF vulnerability\nand imports a malicious configuration file via the router\u0027s web\nadministration console. The attacker\ncould change any settings on the router, including the firewall settings and\nthe router\u0027s remote\nadministration capabilities. If the device owner has not changed the default\nusername and password,\nthen the attack would not require the victim to log into the router\u0027s web\nadministration console. \n----------------------------------------------------------------------------\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9510"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "BID",
"id": "71913"
},
{
"db": "VULHUB",
"id": "VHN-77455"
},
{
"db": "PACKETSTORM",
"id": "129861"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-77455",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77455"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9510",
"trust": 3.5
},
{
"db": "BID",
"id": "71913",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-184",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-00188",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "129861",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-77455",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "VULHUB",
"id": "VHN-77455"
},
{
"db": "BID",
"id": "71913"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"db": "PACKETSTORM",
"id": "129861"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
},
{
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"id": "VAR-201501-0652",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "VULHUB",
"id": "VHN-77455"
}
],
"trust": 1.1563636499999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
}
]
},
"last_update_date": "2024-11-23T22:31:11.028000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TL-WR840N",
"trust": 0.8,
"url": "http://www.tp-link.com/en/support/download/?model=TL-WR840N\u0026version=V1"
},
{
"title": "TP-Link TL-WR840N \u0027Import Configuration\u0027 option cross-site request forgery vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/53779"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-77455"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/71913"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/jan/14"
},
{
"trust": 1.7,
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/swrx-2015-001/"
},
{
"trust": 1.6,
"url": "http://www.tp-link.com/en/support/download/?model=tl-wr840n\u0026version=v1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9510"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9510"
},
{
"trust": 0.3,
"url": "http://www.tp-link.com/en/"
},
{
"trust": 0.3,
"url": "http://www.secureworks.com/advisories/swrx-2015-001/swrx-2015-001.pdf"
},
{
"trust": 0.1,
"url": "http://www.tp-link.com/en/support/download/?model=tl-wr840n\u0026amp;version=v1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9510"
},
{
"trust": 0.1,
"url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/swrx-2015-00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "VULHUB",
"id": "VHN-77455"
},
{
"db": "BID",
"id": "71913"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"db": "PACKETSTORM",
"id": "129861"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
},
{
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"db": "VULHUB",
"id": "VHN-77455"
},
{
"db": "BID",
"id": "71913"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"db": "PACKETSTORM",
"id": "129861"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
},
{
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"date": "2015-01-09T00:00:00",
"db": "VULHUB",
"id": "VHN-77455"
},
{
"date": "2015-01-07T00:00:00",
"db": "BID",
"id": "71913"
},
{
"date": "2015-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"date": "2015-01-08T22:00:25",
"db": "PACKETSTORM",
"id": "129861"
},
{
"date": "2015-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-184"
},
{
"date": "2015-01-09T18:59:09.210000",
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00188"
},
{
"date": "2015-01-13T00:00:00",
"db": "VULHUB",
"id": "VHN-77455"
},
{
"date": "2015-01-07T00:00:00",
"db": "BID",
"id": "71913"
},
{
"date": "2015-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007578"
},
{
"date": "2015-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-184"
},
{
"date": "2024-11-21T02:21:03.620000",
"db": "NVD",
"id": "CVE-2014-9510"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-Link TL-WR840N Cross-site request forgery vulnerability in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007578"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-184"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…