VYPR
Unrated severityNVD Advisory· Published Jun 23, 2020· Updated Aug 4, 2024

CVE-2020-14965

CVE-2020-14965

Description

On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_lists_name. The vulnerability can also be exploited through a CSRF, requiring no authentication as an administrator.

Affected products

2

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.