[DCA-2011-0001] [Discussion] - DcLabs Security Research Group advises about following vulnerability(ies): [Software/Hardware] - TP-LINK TL-WR740N [Vendor Product Description] - The TL-WR740N is a combined wired/wireless network connection device integrated with internet-sharing router and 4-port switch. The wireless Lite-  Router is 802.11b & g compatible based on 802.11n technology and gives you 802.11n performance up to 150Mbps at an even more affordable price. - Source: http://www.tp-link.com/products/productDetails.asp?pmodel=TL-WR740N [Advisory Timeline] - 02/Feb/2011 -> First notification sent. - No vendor reply - 08/Feb/2011 -> Second Notification sent. - No vendor reply - 04/Mar/2011 -> Advisory Published. [Bug Summary] - Stored XSS - Web Console and UPnP service DoS [Impact] - Low [Affected Version] - Firmware Version: 3.12.4 Build 100910 Rel.57694n - Firmware Version: 3.11.7 Build 100603 Rel.56412n - Other versions can also be affected but wasn't tested. [Bug Description and Proof of Concept] + Stored XSS (Cross Site Scripting) Tp-Link does not validate/sanitize the user input data, leading to a stored XSS + Denial of Service If Ten (10) or more crafted packets are sent in less than 1 second, addressing WebConsole or UPnP port, the respective service becomes unresponsive. ---------------------------------------------------------------------------------------- All flaws described here were discovered and researched by: Ewerson Guimaraes aka Crash. DcLabs Security Research Group crash dclabs com br [Workarounds] - No workaround was provided addressing these vulnerabilities. [Credits] DcLabs Security Research Group -- Ewerson Guimaraes (Crash) Pentester/Researcher DcLabs Security Team www.dclabs.com.br