TP-LINK Multiple HTML Injection Vulnerabilities
CVE-2020-14965 ██╗ ██╗████████╗███╗ ███╗██╗ ██╗███╗ ██╗ ██╗███████╗ ██████╗████████╗██╗ ██████╗ ███╗ ██╗ ██║ ██║╚══██╔══╝████╗ ████║██║
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tp-link tl-wr740n_firmware - |
||
tp-link tl-wr740nd_firmware - |