- Description
- On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through CSRF, which requires no authentication as an administrator.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tp-link:tl-wr740n_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13CA99B0-BE20-4850-9D5E-2CC6020C4775"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr740n:4.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63B5C5A3-E777-4BEA-96AF-914C49E6010E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tp-link:tl-wr740nd_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC328D98-029C-4754-8763-1FECC6E857AE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:tp-link:tl-wr740nd:4.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F04E05E9-01DE-447E-9A7F-B66756B817B6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]