Vulnerability Note VU#185100
TP-LINK TL-WR841N wireless router local file inclusion vulnerability
The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device.
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
The TP-LINK TL-WR841N wireless router web-based management interface contains a local file inclusion (LFI) vulnerability. The URL parameter is not properly sanitized before being parsed. It has been reported that TP-LINK TL-WR841N wireless router running firmware version: 3.13.9 Build 120201 Rel.54965n and below are affected.
An attacker with access to the TP-LINK TL-WR841N web interface could download critical configuration files off the device.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|TP-Link||Affected||-||07 Jan 2013|
CVSS Metrics (Learn More)
Thanks to Matan Azugi for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-6276
- Date Public: 11 Jan 2013
- Date First Published: 11 Jan 2013
- Date Last Updated: 11 Jan 2013
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.