CVE-2013-2645
published 2014-10-06CVE-2013-2645: Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack…
PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
3.01%
85.7th percentile
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tp-link | firmware | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyber Threats
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen 2018/12/11 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Ciberamenazas
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen Dec 11, 2018 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting th
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyber Threats
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen Dec 11, 2018 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting th
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyber Threats
# Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen
2018/12/11
Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting the
Trendmicro
Exploit Kit
blogs_trendmicro·2018-12-11
Exploit Kit
Cyberbedrohungen
## Exploit Kit "Novidade" Found Targeting Home Routers
Analysis of the Novidade exploit kit that targets routers by changing their DNS settings via cross-site request forgery, enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with.
By: Joseph C Chen Dec 11, 2018 Read time: ( words)
Save to Folio
We identified a new exploit kit we named Novidade that targets home or small office routers by changing their Domain Name System (DNS) settings via cross-site request forgery (CSRF), enabling attacks on a victim’s mobile device or desktop through web applications in which they’re authenticated with. Once the DNS setting is changed to that of a malicious server, the attacker can execute a pharming attack, redirecting
2014-10-06
Published