CVE-2013-2645

Published: 06/10/2014 Updated: 06/10/2014
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote malicious users to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
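
A defender-side check for the five request patterns in the summary above, as an added example that is not part of the original advisory: it scans HTTP log records for requests to the named userRpm pages carrying the named parameters and flags those whose Referer is missing or is not the router's own admin origin. The tab-separated record format, the sample lines, the router address 192.168.1.1, the parameter values, and the assumption that the parameters travel in the query string are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Page/parameter pairs named in the CVE-2013-2645 summary
# (paths assumed to sit at the web root of the admin interface).
SENSITIVE = {
    "/userRpm/NasFtpCfgRpm.htm": {"shareEntire", "internetA", "startFtp"},
    "/userRpm/NasUserAdvRpm.htm": {"nas_admin_pwd"},
    "/userRpm/QoSCfgRpm.htm": {"QoSCtrl"},
}
ROUTER_HOSTS = {"192.168.1.1"}  # assumption: admin UI address on this LAN


def check(line):
    """Return a finding dict if the record matches a CSRF pattern, else None."""
    # Constructed record layout: client <TAB> requested URL <TAB> Referer
    client, url, referer = line.rstrip("\n").split("\t")
    target = urlsplit(url)
    if target.hostname not in ROUTER_HOSTS:
        return None
    wanted = SENSITIVE.get(target.path)
    if not wanted:
        return None
    hit = wanted & set(parse_qs(target.query, keep_blank_values=True))
    if not hit:
        return None
    # A legitimate change is submitted from a page the router itself served;
    # a foreign or absent Referer ("-") on these requests is worth reviewing.
    if urlsplit(referer).hostname in ROUTER_HOSTS:
        return None
    return {"client": client, "page": target.path,
            "params": sorted(hit), "referer": referer}


# Constructed sample records (not captured traffic; values are placeholders).
SAMPLE = [
    "192.168.1.50\thttp://192.168.1.1/userRpm/NasFtpCfgRpm.htm?internetA=x&startFtp=x\thttp://forum.example/thread/7",
    "192.168.1.50\thttp://192.168.1.1/userRpm/QoSCfgRpm.htm?QoSCtrl=x\thttp://192.168.1.1/userRpm/QoSCfgRpm.htm",
    "192.168.1.51\thttp://192.168.1.1/userRpm/NasUserAdvRpm.htm?nas_admin_pwd=x\t-",
    "192.168.1.51\thttp://192.168.1.1/userRpm/OtherPage.htm\t-",  # hypothetical page
]

FINDINGS = [f for f in map(check, SAMPLE) if f]

if __name__ == "__main__":
    for finding in FINDINGS:
        print(finding)
```

Referer can be stripped by browsers or privacy tools, so a missing value is a lead for review, not proof of forgery.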

Affected Products

Vendor | Product | Versions
Tp-link | Firmware | Tl-wr1043nd V1 120405

Exploits

source: www.securityfocus.com/bid/59442/info

The TP-Link TL-WR1043N Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.

d> <title>Cisco WRT310Nv2 Firmware v2001 CSRF/XSS</title> <! ...