|
Description
|
|
Michael Messner has reported two vulnerabilities in TL-WA701ND access point, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site request forgery attacks.
1) Input appended to the URL after /help/ is not properly sanitised before being used. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.
2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. modify user credentials or inject malicious HTML and script code if a logged-in administrative user visits a malicious web site.
The vulnerabilities are reported in versions 3.12.6 build 110210 Rel.37112n and 3.12.16 build 120228 Rel.37317n. Other versions may also be affected.
|
