PT-2020-14092 · Tp Link · Tp-Link Tl-Wr740N

Guilherme Rubert

Published

2020-06-23

Updated

2021-07-21

CVE-2020-14965

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions TP-Link TL-WR740N version 4 TP-Link TL-WR740ND version 4

Description The issue allows an attacker with access to the admin panel to inject HTML code, altering the HTML context of target pages and stations in access-control settings. This can be achieved via targets lists name or hosts lists name. Additionally, the issue can be exploited through a CSRF, which does not require administrator authentication.

Recommendations For TP-Link TL-WR740N version 4, consider restricting access to the admin panel to prevent unauthorized changes. For TP-Link TL-WR740ND version 4, avoid using the targets lists name and hosts lists name parameters in the access-control settings until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-14965

Affected Products

Tp-Link Tl-Wr740N

PT-2020-14092 · Tp Link · Tp-Link Tl-Wr740N

CVE-2020-14965

Weakness Enumeration

Related Identifiers

Affected Products

References · 2