TP-Link TL-WR720N Wireless Router Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the TP-Link TL-WR720N wireless router, all versions. This vulnerability allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Exploitation involves tricking authenticated users into visiting attacker-controlled pages, which can result in the modification of port forwarding rules or changes to WiFi security settings.

Impact

Exploitation of this vulnerability allows for unauthorized administrative actions on the router, including changes to port forwarding rules and WiFi security settings.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the router's administrative interface. This can be done by tricking an authenticated user into clicking a link or visiting a page that sends the request. The exploit can be automated with a script that targets the router's IP address and the specific administrative functions that can be changed, such as port forwarding or WiFi security settings.