Matan Azugi has reported two vulnerabilities in the TP-LINK TL-WR841N Router, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site request forgery attacks.
1) Input appended to the URL after help/ is not properly verified before being used. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. modify user credentials if a logged-in administrative user visits a malicious web site.
The vulnerabilities are reported in firmware version 3.13.9 build 120201 Rel.54965n. Other versions may also be affected.
Solution: No official solution is currently available.
Provided and/or discovered by: Matan Azugi
Original Advisory: http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0224.html
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org