TP-LINK TL-WR740N Multiple Vulnerabilities - Stored XSS - Web Console and Upnp server DoS

Posted by krizzyla |


[Vendor Product Description]
  • The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch.
  • The wireless Lite- Router is 802.11b & g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps
  • at an even more affordable price.
  • Source: http://www.tp-link.com/products/productDetails.asp?pmodel=TL-WR740N
[DCA-2011-0001]

[Discussion]

  • DcLabs Security Research Group advises about following vulnerability(ies):


    • [Software/Hardware]
    • TP-LINK TL-WR740N
    [Advisory Timeline]
    • 02/Feb/2011 -> First notification sent.
    • No vendor reply
    • 08/Feb/2011 -> Second Notification sent.
    • No vendor reply
    • 04/Mar/2011 -> Advisory Published.
    [Bug Summary]
    • Stored XSS
    • Web Console and UPnP service DoS
    [Impact]
    • Low
    [Affected Version]
    • Firmware Version: 3.12.4 Build 100910 Rel.57694n
    • Firmware Version: 3.11.7 Build 100603 Rel.56412n
    • Other versions can also be affected but wasn't tested.
    [Bug Description and Proof of Concept] + Stored XSS (Cross Site Scripting)
    • Tp-Link does not validate/sanitize the user input data, leading to a stored XSS + Denial of Service If Ten (10) or more crafted packets are sent in less than 1 second, addressing WebConsole or UPnP port, the respective service becomes unresponsive.
    All flaws described here were discovered and researched by: Ewerson Guimaraes aka Crash. DcLabs Security Research Group crash dclabs com br [Workarounds] - No workaround was provided addressing these vulnerabilities. [Credits] DcLabs Security Research Group -- Ewerson Guimaraes (Crash) Pentester/Researcher DcLabs Security Team www.dclabs.com.br

    0 comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)