Details of VAR-201409-0021

ID

VAR-201409-0021

CVE

CVE-2012-6316

TITLE

TP-LINK TL-WR841N Router firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-006301

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm. The TP-LINK TL-WR841N router is a wireless router device. The TP-LINK TL-WR841N router failed to properly verify the user-supplied input. Remotely authenticated attackers could exploit this vulnerability to inject malicious script code using the username or pwd parameters to obtain sensitive information or hijack user sessions. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. TP-LINK TL-WR841N 3.13.9 Build 120201 Rel.54965n is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in TP-LINK TL-WR841N routers using firmware 3.13.9 and earlier. The vulnerability is caused by the userRpm/NoipDdnsRpm.htm script not adequately filtering the 'username' or 'pwd' parameters

Trust: 2.52

sources: NVD: CVE-2012-6316 // JVNDB: JVNDB-2012-006301 // CNVD: CNVD-2012-6654 // BID: 56602 // VULHUB: VHN-59597

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-6654

AFFECTED PRODUCTS

vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	-	Trust: 1.0
vendor:	tp link	model:	tl-wr841n	scope:	lte	version:	3.13.9	Trust: 1.0
vendor:	tp link	model:	tl-wr841n	scope:	-	version:	-	Trust: 0.8
vendor:	tp link	model:	tl-wr841n	scope:	lte	version:	3.13.9 build 120201 rel.54965n	Trust: 0.8
vendor:	tp link	model:	tl-wr841n build rel.54965n	scope:	eq	version:	3.13.9120201	Trust: 0.6
vendor:	tp link	model:	tl-wr841n	scope:	eq	version:	3.13.9	Trust: 0.6

sources: CNVD: CNVD-2012-6654 // JVNDB: JVNDB-2012-006301 // CNNVD: CNNVD-201211-382 // NVD: CVE-2012-6316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-6316
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-6316
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201211-382
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-59597
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-6316
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-59597
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-59597 // JVNDB: JVNDB-2012-006301 // CNNVD: CNNVD-201211-382 // NVD: CVE-2012-6316

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-59597 // JVNDB: JVNDB-2012-006301 // NVD: CVE-2012-6316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-382

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201211-382

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006301

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-59597

PATCH

title:

TL-WR841N

url:

http://www.tp-linkru.com/products/details/?model=TL-WR841N

Trust: 0.8

sources: JVNDB: JVNDB-2012-006301

EXTERNAL IDS

db:	NVD	id:	CVE-2012-6316	Trust: 2.8
db:	BID	id:	56602	Trust: 2.6
db:	JVNDB	id:	JVNDB-2012-006301	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-382	Trust: 0.7
db:	XF	id:	80158	Trust: 0.6
db:	CNVD	id:	CNVD-2012-6654	Trust: 0.6
db:	PACKETSTORM	id:	118237	Trust: 0.1
db:	VULHUB	id:	VHN-59597	Trust: 0.1

sources: CNVD: CNVD-2012-6654 // VULHUB: VHN-59597 // BID: 56602 // JVNDB: JVNDB-2012-006301 // CNNVD: CNNVD-201211-382 // NVD: CVE-2012-6316

REFERENCES

url:	http://seclists.org/fulldisclosure/2012/dec/93	Trust: 2.5
url:	http://www.securityfocus.com/bid/56602	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6316	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6316	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/80158http	Trust: 0.6

sources: CNVD: CNVD-2012-6654 // VULHUB: VHN-59597 // JVNDB: JVNDB-2012-006301 // CNNVD: CNNVD-201211-382 // NVD: CVE-2012-6316

CREDITS

Matan Azugi

Trust: 0.9

sources: BID: 56602 // CNNVD: CNNVD-201211-382

SOURCES

db:	CNVD	id:	CNVD-2012-6654
db:	VULHUB	id:	VHN-59597
db:	BID	id:	56602
db:	JVNDB	id:	JVNDB-2012-006301
db:	CNNVD	id:	CNNVD-201211-382
db:	NVD	id:	CVE-2012-6316

LAST UPDATE DATE

2025-04-12T23:32:54.087000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-6654	date:	2012-11-22T00:00:00
db:	VULHUB	id:	VHN-59597	date:	2014-10-01T00:00:00
db:	BID	id:	56602	date:	2012-12-07T21:20:00
db:	JVNDB	id:	JVNDB-2012-006301	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201211-382	date:	2014-10-08T00:00:00
db:	NVD	id:	CVE-2012-6316	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-6654	date:	2012-11-22T00:00:00
db:	VULHUB	id:	VHN-59597	date:	2014-09-30T00:00:00
db:	BID	id:	56602	date:	2012-11-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-006301	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201211-382	date:	2012-11-22T00:00:00
db:	NVD	id:	CVE-2012-6316	date:	2014-09-30T14:55:07.970