HTML Injection and CSRF Vulnerability in TP-Link TL-WR740N v4 and TL-WR740ND v4 Devices

HTML Injection and CSRF Vulnerability in TP-Link TL-WR740N v4 and TL-WR740ND v4 Devices

CVE-2020-14965 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.

Learn more about our Web Application Penetration Testing UK.