Month: June 2018

TP-Link TL-WR841N v13: CSRF (CVE-2018-12574)

  • Vulnerability: Cross-Site Request Forgery
  • Affected Software: TP-Link TL-WR841N v13
  • Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
  • Patched Version: None
  • Risk: High
  • Vendor Contacted: 05/20/2018
  • Vendor Fix: None
  • Public Disclosure: 06/27/2018
Overview

The router's web interface is vulnerable to Cross-Site Request Forgery (CSRF). Because the browser attaches the session to every request it sends to the router, an attacker can perform arbitrary actions with the privileges of an authenticated user if that user visits an attacker-controlled website while logged in.
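The mechanism described above, as an added illustration that is not the router's code and not part of the original advisory: a handler that authorises on the session cookie alone is exploitable from any origin, while a handler that additionally checks the Origin header and a per-session anti-CSRF token is not. The "dns" form field, the router origin and the in-memory session store are assumptions made up for the example.

```python
import hmac
import secrets

# Assumed origin of the router's web interface (hypothetical value).
ROUTER_ORIGIN = "http://192.168.0.1"

# Constructed in-memory session store: session id -> anti-CSRF token.
SESSIONS = {}


def login() -> str:
    """Creates a session and binds a fresh unguessable token to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(32)
    return sid


def csrf_token(sid: str) -> str:
    """Token the legitimate settings page embeds in its form; a cross-site
    page cannot read it because of the same-origin policy."""
    return SESSIONS[sid]


def handle_vulnerable(cookie_sid: str, form: dict, origin) -> str:
    """Authorises on the session cookie alone. The browser sends that cookie
    no matter which site issued the request, so this is the CSRF bug class."""
    if cookie_sid not in SESSIONS:
        return "unauthenticated"
    return "dns_set:" + form["dns"]


def handle_hardened(cookie_sid: str, form: dict, origin) -> str:
    """Same action, with two independent CSRF defences."""
    if cookie_sid not in SESSIONS:
        return "unauthenticated"
    # Defence 1: if the browser sent an Origin header, it must be our own.
    if origin is not None and origin != ROUTER_ORIGIN:
        return "rejected:origin"
    # Defence 2: the request must carry the session-bound token; compare in
    # constant time so the check itself leaks nothing.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, SESSIONS[cookie_sid]):
        return "rejected:token"
    return "dns_set:" + form["dns"]


def cross_site_attack(handler, origin="http://attacker.example") -> str:
    """Victim is logged in and visits the attacker's page, which auto-submits
    a form to the router. The session cookie rides along; the token does not."""
    sid = login()
    attacker_form = {"dns": "6.6.6.6"}  # attacker-chosen value
    return handler(sid, attacker_form, origin)


def legitimate_change(handler) -> str:
    """The user submits the router's own settings page, token included."""
    sid = login()
    form = {"dns": "1.1.1.1", "csrf_token": csrf_token(sid)}
    return handler(sid, form, ROUTER_ORIGIN)


if __name__ == "__main__":
    print("vulnerable handler, cross-site:", cross_site_attack(handle_vulnerable))
    print("hardened handler, cross-site:  ", cross_site_attack(handle_hardened))
    print("hardened handler, no Origin:   ", cross_site_attack(handle_hardened, origin=None))
    print("hardened handler, legitimate:  ", legitimate_change(handle_hardened))
```

The token check is the one that must hold on its own: clients that omit the Origin header (the `origin=None` case) fall straight through to it, and a guessed or empty token fails the constant-time comparison. Marking the session cookie `SameSite=Lax` or `Strict` adds a further layer but does not replace the token.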

TP-Link TL-WR841N v13: Authenticated Blind Command Injection (CVE-2018-12577)

  • Vulnerability: Authenticated Blind Command Injection
  • Affected Software: TP-Link TL-WR841N v13
  • Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
  • Patched Version: None
  • Risk: High
  • Vendor Contacted: 05/20/2018
  • Vendor Fix: None
  • Public Disclosure: 06/27/2018
Overview

The ping and traceroute functions of the web interface pass user-supplied input to the operating system without sufficient sanitisation, which allows OS command injection. An authenticated attacker can use this to execute arbitrary commands on the router by sending specially crafted HTTP requests to it. The injection is blind: the output of the injected command is not returned in the response.
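The bug class behind this advisory, as an added example that is not the router's firmware code and not taken from the original advisory: a ping handler that builds a shell command line by string concatenation executes whatever the attacker appends after a shell metacharacter, whereas a handler that validates the host against an allowlist and then runs the binary without a shell does not. To run offline, `echo pinging` stands in for the real `ping` binary (an assumption of this example); the injection mechanics are the same.

```python
import ipaddress
import re
import subprocess

# Hypothetical stand-in for the ping binary so the example runs offline.
_PING_ARGV = ["echo", "pinging"]

# RFC 1123 hostname: labels of letters, digits and hyphens, no leading hyphen.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_host(host: str) -> str:
    """Allowlist: an IPv4/IPv6 literal or a hostname. Anything else, including
    shell metacharacters and option-looking values such as '-f', is rejected."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"invalid host: {host!r}")


def rejects(host: str) -> bool:
    """True if validate_host refuses the value."""
    try:
        validate_host(host)
    except ValueError:
        return True
    return False


def ping_vulnerable(host: str) -> str:
    """The bug: the host is concatenated into a command line that a shell
    parses, so ';', '|', '$(...)' etc. introduce additional commands."""
    cmd = " ".join(_PING_ARGV) + " " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def ping_no_shell(host: str) -> str:
    """No shell: the host is one argv element, metacharacters stay literal.
    Alone this still allows option injection (a host starting with '-')."""
    return subprocess.run(_PING_ARGV + [host], capture_output=True, text=True).stdout


def ping_hardened(host: str) -> str:
    """Validate first, then execute without a shell."""
    return ping_no_shell(validate_host(host))


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"
    print("vulnerable:", repr(ping_vulnerable(payload)))   # second command runs
    print("no shell:  ", repr(ping_no_shell(payload)))     # passed as one literal
    print("hardened:  ", "rejected" if rejects(payload) else ping_hardened(payload))
```

Both layers matter: dropping the shell stops command chaining, and the allowlist stops the remaining argument-injection route and keeps the code from depending on the exact quoting rules of whichever shell the firmware ships.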

TP-Link TL-WR841N v13: Broken Authentication (CVE-2018-12575)

  • Vulnerability: Broken Authentication
  • Affected Software: TP-Link TL-WR841N v13
  • Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n
  • Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n
  • Risk: High
  • Vendor Contacted: 05/20/2018
  • Vendor Fix: Issue had already been fixed independently by the vendor in the newer firmware build listed above
  • Public Disclosure: 06/27/2018

WARNING: WordPress File Delete to Code Execution

Who is affected

According to w3tech, WordPress is used by approximately 30% of all websites [1]. This wide adoption makes it an attractive target for cyber criminals. At the time of writing no patch preventing the vulnerability described in this post is available: every WordPress version, including the current 4.9.6 release, is susceptible.
To exploit the vulnerability discussed below, an attacker first needs the privilege to edit and delete media files.

RIPS becomes Joomla! Official Code Analysis Partner

RIPS and Joomla are pleased to announce a new partnership in which Joomla will use RIPS' industry-leading code analysis solution to continuously scan the Joomla code base for tangible security vulnerabilities and weaknesses. For RIPS, this deployment represents a milestone: serving one of the world's most prominent open source organizations and further helping to enhance the security of open source projects.
„Security is an integral part of the Joomla development process.

Evil Teacher: Code Injection in Moodle

Impact – Who can exploit what?

An attacker must be assigned the teacher role in a course of a Moodle installation earlier than version 3.5.0 running with the default configuration. Escalating to this role via another vulnerability, such as XSS, would also be possible. Given these prerequisites and knowledge of the vulnerability, the adversary is able to execute arbitrary commands on the underlying operating system of the server running Moodle.