CERTVU:834723TP-Link 8840T DSL router default remote management vulnerability
Overview
The TP-Link 8840T DSL routerβs remote management feature is enabled by default.
Description
The TP-Link 8840T DSL router allows remote (WAN) internet users access to the administrator web interface of the device by default.
Impact
A remote unauthenticated attacker may be able to access the administrator web interface of the device.
Solution
We are currently unaware of a practical solution to this problem.
Disable the remote management feature
We recommend users disable the remote management feature inside the administrator web interface of the device.
Vendor Information
834723
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
TP-Link Affected
Notified: February 03, 2012 Updated: March 27, 2012
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Temporal | 6.8 | E:F/RL:W/RC:C |
| Environmental | 1.8 | CDP:L/TD:L/CR:M/IR:M/AR:M |
References
Acknowledgements
Thanks to Jakob Lell of TU Berlin AGRS for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
| CVE IDs: | None |
|---|---|
| Date Public: | 2012-04-02 Date First Published: |