Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25906
HistoryMar 11, 2011 - 12:00 a.m.

[DCA-2011-0001] TP-LINK TL-WR740N Multiple Vulnerabilities - Stored XSS - Web Console and Upnp server DoS

2011-03-1100:00:00
vulners.com
17

[DCA-2011-0001]

[Discussion]

  • DcLabs Security Research Group advises about following vulnerability(ies):

[Software/Hardware]

  • TP-LINK TL-WR740N

[Vendor Product Description]

  • The TL-WR740N is a combined wired/wireless network connection device
    integrated with internet-sharing router and 4-port switch.
    The wireless Lite- Β Router is 802.11b & g compatible based on 802.11n
    technology and gives you 802.11n performance up to 150Mbps
    at an even more affordable price.
  • Source: http://www.tp-link.com/products/productDetails.asp?pmodel=TL-WR740N

[Advisory Timeline]

  • 02/Feb/2011 -> First notification sent.
  • No vendor reply
  • 08/Feb/2011 -> Second Notification sent.
  • No vendor reply
  • 04/Mar/2011 -> Advisory Published.

[Bug Summary]

  • Stored XSS
  • Web Console and UPnP service DoS

[Impact]

  • Low

[Affected Version]

  • Firmware Version: 3.12.4 Build 100910 Rel.57694n
  • Firmware Version: 3.11.7 Build 100603 Rel.56412n
  • Other versions can also be affected but wasn't tested.

[Bug Description and Proof of Concept]

  • Stored XSS (Cross Site Scripting)
    Tp-Link does not validate/sanitize the user input data, leading to a stored XSS

  • Denial of Service
    If Ten (10) or more crafted packets are sent in less than 1 second,
    addressing WebConsole or UPnP port, the respective service becomes
    unresponsive.


All flaws described here were discovered and researched by:
Ewerson Guimaraes aka Crash.
DcLabs Security Research Group
crash <AT> dclabs <DOT> com <DOT> br

[Workarounds]

  • No workaround was provided addressing these vulnerabilities.

[Credits]
DcLabs Security Research Group

–
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br