Описание
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:tp-link:tl-wr840n_firmware:3.13.27:*:*:*:*:*:*:*
cpe:2.3:h:tp-link:tl-wr840n:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00128
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.
EPSS
Процентиль: 33%
0.00128
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352