The TP-LINK TL-WR841N wireless router contains a local file inclusion vulnerability which could allow an attacker to download critical configuration files off the device.
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
The TP-LINK TL-WR841N wireless router web-based management interface contains a local file inclusion (LFI) vulnerability. The URL parameter is not properly sanitized before being parsed. It has been reported that TP-LINK TL-WR841N wireless router running firmware version: 3.13.9 Build 120201 Rel.54965n and below are affected.
An attacker with access to the TP-LINK TL-WR841N web interface could download critical configuration files off the device.
We are currently unaware of a practical solution to this problem.
Thanks to Matan Azugi for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2013-01-11|
|Date Last Updated:||2013-01-11 13:23 UTC|