what you don't know can hurt you

TP-Link TL-WR841N / TL-WR841ND Brute Force / CSRF

TP-Link TL-WR841N / TL-WR841ND Brute Force / CSRF
Posted Jun 1, 2018
Authored by MustLive

TP-Link TL-WR841N and TL-WR841ND suffer from brute force and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 0d27ce55365e140e3c96b96c8b28f8cb

TP-Link TL-WR841N / TL-WR841ND Brute Force / CSRF

Change Mirror Download
Hello list!

There are Brute Force and Cross-Site Request Forgery vulnerabilities in
TP-Link TL-WR841N and TL-WR841ND.

-------------------------
Affected products:
-------------------------

Vulnerable are the next models: TP-Link TL-WR841N and TL-WR841ND, Firmware
Version 3.16.9 Build 151216. All other versions also must be vulnerable.

----------
Details:
----------

Brute Force (WASC-11):

http://192.168.0.1

No protection from BF attacks in login form. By default access from Internet
is closed, so it's possible to pick up password only via LAN. But via CSRF
attacks it's possible to open remote access.

Cross-Site Request Forgery (WASC-09):

In section Remote Control.

Turn off access via Internet:
http://192.168.0.1/YVNLOORCJBATZQDB/userRpm/ManageControlRpm.htm?port=80&ip=0.0.0.0&Save=1

Turn on access via Internet:
http://192.168.0.1/YVNLOORCJBATZQDB/userRpm/ManageControlRpm.htm?port=80&ip=255.255.255.255&Save=1

For protection bypass it's needed to set Referer header and path
(YVNLOORCJBATZQDB), that changes every time at login to admin panel. This
path can be found through information leakage, social engineering or XSS
vulnerabilities in admin panel.

Cross-Site Request Forgery (WASC-09):

Logout from admin panel via request to page http://192.168.0.1.

<img src="http://192.168.0.1">

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/8485/).

Best wishes & regards,
Eugene Dokukin aka MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close