CVE-2020-14965

2020-06-23T14:15:00
ID CVE-2020-14965
Type cve
Reporter cve@mitre.org
Modified 2021-07-21T11:39:00

Description

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.