CVE-2014-4727

TP-LINK TL-WDR4300 Firmware < 140916 - Cross-Site Scripting via DHCP Hostname

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the DHCP clients page in the TP-LINK N750 Wireless Dual Band Gigabit Router (TL-WDR4300) with firmware before 140916 allows remote attackers to inject arbitrary web script or HTML via the hostname in a DHCP request.

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/96139

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/533501/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/533499/100/0/threaded

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Sep/80

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/70037

Exploit x_refsource_misc

http://packetstormsecurity.com/files/128343/TP-LINK-WDR4300-XSS-Denial-Of-Service.html

Scores

EPSS 0.0042

EPSS Percentile 62.2%

Details

CWE

CWE-79

Status published

Products (2)

tp-link/tl-wdr4300

tp-link/tl-wdr4300_firmware < 130617

Published Sep 30, 2014

Tracked Since Feb 18, 2026