CVE-2020-14965

Опубликовано: 23 июн. 2020

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.

Ссылки

https://github.com/g-rubert/CVE-2020-14965
Third Party Advisory
https://github.com/g-rubert/CVE-2020-14965
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr740n:4.0:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:tp-link:tl-wr740nd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:tp-link:tl-wr740nd:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00185

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q8h5-chqq-p9j3

github

больше 3 лет назад