Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Firmware | tl-wr1043nd_v1_120405 |
Related Weaknesses (CWE)
References
- http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php
- http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php
FAQ
What is CVE-2013-2645?
CVE-2013-2645 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for r...
How severe is CVE-2013-2645?
CVE-2013-2645 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2645?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Firmware.