4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.0%
The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device.
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
The TP-LINK TL-WR841N wireless router web-based management interface contains a local file inclusion (LFI) vulnerability. The URL parameter is not properly sanitized before being parsed. It has been reported that TP-LINK TL-WR841N wireless router running firmware version: 3.13.9 Build 120201 Rel.54965n and below are affected.
An attacker with access to the TP-LINK TL-WR841N web interface could download critical configuration files off the device.
We are currently unaware of a practical solution to this problem.
Restrict access
As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent local file inclusion attacks since the attack comes as an HTTP request from a legitimate user’s host. Restricting access would prevent an attacker from accessing the TP-LINK TL-WR841N web interface using stolen credentials from a blocked network location.
185100
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 07, 2013
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Temporal | 3.1 | E:U/RL:W/RC:UC |
Environmental | 0.9 | CDP:L/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Matan Azugi for reporting this vulnerability.
This document was written by Michael Orlando.
CVE IDs: | CVE-2012-6276 |
---|---|
Date Public: | 2013-01-11 Date First Published: |