Vulnerability Note VU#834723

TP-Link 8840T DSL router default remote management vulnerability

Original Release date: 02 Apr 2012 | Last revised: 03 Apr 2013

Overview

The TP-Link 8840T DSL router's remote management feature is enabled by default.

Description

The TP-Link 8840T DSL router allows remote (WAN) internet users access to the administrator web interface of the device by default.

Impact

A remote unauthenticated attacker may be able to access the administrator web interface of the device.

Solution

We are currently unaware of a practical solution to this problem.

Disable the remote management feature

We recommend users disable the remote management feature inside the administrator web interface of the device.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
TP-LinkAffected03 Feb 201227 Mar 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 6.8 E:F/RL:W/RC:C
Environmental 1.8 CDP:L/TD:L/CR:M/IR:M/AR:M

References

  • None

Credit

Thanks to Jakob Lell of TU Berlin AGRS for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: Unknown
  • Date Public: 02 Apr 2012
  • Date First Published: 02 Apr 2012
  • Date Last Updated: 03 Apr 2013
  • Document Revision: 11

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.