// For flags

CVE-2020-14965

 

Severity Score

4.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.

En los dispositivos TP-Link TL-WR740N versión v4 y TL-WR740ND versión v4, un atacante con acceso al panel de administración puede inyectar código HTML y cambiar el contexto HTML de las páginas y estaciones de destino en la configuración de control de acceso por medio de Target_lists_name o hosts_lists_name. La vulnerabilidad también puede ser explotada por medio de un ataque de tipo CSRF, que no requiere autenticación como administrador

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-22 CVE Reserved
  • 2020-06-23 CVE Published
  • 2023-07-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://github.com/g-rubert/CVE-2020-14965 2024-08-04
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tp-link
Search vendor "Tp-link"
 Tl-wr740n Firmware
Search vendor "Tp-link" for product "Tl-wr740n Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
 Tl-wr740n
Search vendor "Tp-link" for product "Tl-wr740n"
 4.0
Search vendor "Tp-link" for product "Tl-wr740n" and version "4.0"
-
Safe
Tp-link
Search vendor "Tp-link"
 Tl-wr740nd Firmware
Search vendor "Tp-link" for product "Tl-wr740nd Firmware"
--
Affected
in Tp-link
Search vendor "Tp-link"
 Tl-wr740nd
Search vendor "Tp-link" for product "Tl-wr740nd"
 4.0
Search vendor "Tp-link" for product "Tl-wr740nd" and version "4.0"
-
Safe