[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Bugtraq has a post saying that there as a stored XSS due to host name in a particular model of TP-Link router, and that the vendor had released a patch. Had some fun setting my host name in DHCP to contain HTML and JavaScript with my TP-Link router, and it looks like the issue is common across a wide range of TP-Link routers. You might think - why does it matter who looks at the DHCP client list? Well anyone who can do DHCP queries on your network can try DHCP exhaustion attacks, and how are you going to investigate that? Until TP-Link have patches you probably want to stop untrusted devices doing DHCP requests on networks using TP-Link routers. So WPA2, or restrict physical access, or be very careful visiting the the DHCP client page in the admin, especially if there appears to be a DHCP problem. This is wrong at so many levels. Obviously the web server bug, but also DHCP server making no effort to enforce valid host names. Not the first or last DHCP host name based injection, but I had good fun recreating it. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq