CVE-2013-2645 – TP-Link TL-WR1043N Router - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-2645
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
• https://www.exploit-db.com/exploits/38492
• http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-4727 – TP-LINK WDR4300 XSS / Denial Of Service
https://notcve.org/view.php?id=CVE-2014-4727
Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. TP-LINK WDR4300 suffers from cross site scripting and denial of service vulnerabilities.
• http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html
• http://seclists.org/fulldisclosure/2014/Sep/80
• http://www.securityfocus.com/archive/1/533499/100/0/threaded
• http://www.securityfocus.com/archive/1/533501/100/0/threaded
• http://www.securityfocus.com/bid/70037
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96139
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4728 – TP-LINK WDR4300 XSS / Denial Of Service
https://notcve.org/view.php?id=CVE-2014-4728
The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. TP-LINK WDR4300 suffers from cross site scripting and denial of service vulnerabilities.
• http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html
• http://seclists.org/fulldisclosure/2014/Sep/80
• http://www.securityfocus.com/archive/1/533499/100/0/threaded
• http://www.securityfocus.com/archive/1/533501/100/0/threaded
• http://www.securityfocus.com/bid/70037
• https://exchange.xforce.ibmcloud.com/vulnerabilities/96140
• CWE-399: Resource Management Errors
CVE-2013-6786
https://notcve.org/view.php?id=CVE-2013-6786
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
• http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf
• http://osvdb.org/99694
• http://osvdb.org/ref/99/rompager407.pdf
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2578 – TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-2578
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified parameters.
• https://www.exploit-db.com/exploits/27289
• http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')