TP-LINK WDR4300 - Stored XSS & DoS

Type securityvulns
Reporter Securityvulns
Modified 2014-10-14T00:00:00


Advisory Information

Vendors Contacted: TP-LINK Vendor Patched: Yes, Firmware 140916 System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others. Versions Affected: 130617 , possibly earlier CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728

Vulnerabilities Description

Stored XSS -

It is possible inject javascript code via DHCP hostname field, If the administrator will visit the dhcp clients page (web panel) the script will execute.

DoS (web server) -

Denial of service condition to the device web server, remotely or locally send the device a "GET" request with an extra "Header" with a long value (A x 3000 times).

Proof of Concept:

Report Timeline:

2014-07-04: Vendor notified about the vulnerabilities with all the relevant technical information.

2013-09-16: Vendor released a fix.


The Vulnerabilities was discovered by Oz Elisyan.