Vulnerability Details : CVE-2014-9510
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2014-9510
- cpe:2.3:o:tp-link:tl-wr840n_firmware:3.13.27:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9510
0.17%
Probability of exploitation activity in the next 30 days
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-9510
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2014-9510
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9510
- http://www.securityfocus.com/bid/71913
  TP-Link TL-WR840N 'Import Configuration' Option Cross Site Request Forgery Vulnerability
- http://seclists.org/fulldisclosure/2015/Jan/14
  Full Disclosure: CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF)
- http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1
  Download Center | TP-Link (Patch)
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/
  TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery | Secureworks