Lucene search
PRIOn knowledge basePRION:CVE-2013-2645HistoryOct 06, 2014 - 1:55 a.m.
Cross site request forgery (csrf)
2014-10-0601:55:00
PRIOn knowledge base
www.prio-n.com
5
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka “FTP directory traversal”) to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
| CPE | Name | Operator | Version |
|---|---|---|---|
| firmware | eq | tlwr1043ndv1120405 |
Related
cve
cve
CVE-2013-2645
2014-10-06 01:55:07
CVE-2013-2644
2014-10-05 01:55:08
checkpoint_advisories
checkpoint_advisories
TP-LINK WR1043N Multiple Cross-Site Request Forgery (CVE-2013-2645)
2015-08-10 00:00:00
cvelist
cvelist
CVE-2013-2645
2014-10-06 01:00:00
nvd
nvd
CVE-2013-2645
2014-10-06 01:55:07
CVE-2013-2644
2014-10-05 01:55:08
prion
prion
Design/Logic Flaw
2014-10-05 01:55:00