Lucene search

[email protected]NVD:CVE-2013-2645

HistoryOct 06, 2014 - 1:55 a.m.

CVE-2013-2645

2014-10-0601:55:07

CWE-352

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.2%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka “FTP directory traversal”) to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.

Affected configurations

NVD

Node

tp-linkfirmwareMatchtl-wr1043nd_v1_120405tp-link_wr1043n

References

securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for NVD:CVE-2013-2645

cve2 checkpoint_advisories1 prion2 cvelist1 nvd1