CVE-2017-14250 Information

Description

In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000 parameter SSID in the \Wireless Settings\ is not properly validated. It’s possible to inject malicious code: /scriptH1BUG/* /scripta href=XXX.com. The second payload blocks the change of wireless settings. A factory reset is required.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Reference

https://angeloanatrella86.github.io/CVE-2017/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5