Published: 06/10/2014 Updated: 06/10/2014

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote malicious users to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tp-link firmware tl-wr1043nd_v1_120405

source: wwwsecurityfocuscom/bid/59442/info The TP-Link TL-WR1043N Router is prone to a cross-site request-forgery vulnerability Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device d> <title>Cisco WRT310Nv2 Firmware v2001 CSRF/XSS</title> <! ...

CWE-352 http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php https://nvd.nist.gov https://www.exploit-db.com/exploits/38492/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-2645

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect