Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tp-Link | Tl-Wr840N Firmware | 3.13.27 |
| Tp-Link | Tl-Wr840N | 1.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2015/Jan/14
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/
- http://www.securityfocus.com/bid/71913
- http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1Patch
- http://seclists.org/fulldisclosure/2015/Jan/14
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2015-001/
- http://www.securityfocus.com/bid/71913
- http://www.tp-link.com/en/support/download/?model=TL-WR840N&version=V1Patch
FAQ
What is CVE-2014-9510?
CVE-2014-9510 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N (V1) router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentic...
How severe is CVE-2014-9510?
CVE-2014-9510 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9510?
Check the references section above for vendor advisories and patch information. Affected products include: Tp-Link Tl-Wr840N Firmware, Tp-Link Tl-Wr840N.